[RESOLVED] Infected again.


23 replies to this topic

#1 Scorpy

Posted 22 July 2013 - 05:18 AM

Seems it's a never-ending saga for me... my machine is infected again... damn it. But thankfully Broni is the man with super power up to the rescue here... :dancin_banana: :jumping_dude: :Red-Wink: :my_master: :my_master:

Edit: OS - WIN 7

MBAM Log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.07.18.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Admin1 :: MJ-LAPPY [administrator]
 
Protection: Enabled
 
18/Jul/2013 20:06:22
MBAM-log-2013-07-20 (00-00-46).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 599839
Time elapsed: 4 hour(s), 48 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 44
C:\Users\Admin1\AppData\Roaming\IDM\DwnlData\Admin1\sHaRewbb_wdsvdeoconvert6505new_1749\sHaRewbb_wdsvdeoconvert6505new.rar (PUP.Riskware.Patcher) -> No action taken.
C:\Users\Admin1\Desktop\Ezy Invoice Pro\Ezy Invoice 10 Pro 10.6.3.11\Patch\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Admin1\Documents\samsung\Kies\Backup\GT-N7100\GT-N7100\GT-N7100_\GT-N7100_20130605032815\Others\Download\skype-img-04-17-2013.zip (Backdoor.Bot) -> No action taken.
C:\Users\Admin1\Dropbox\Samsung Note II\Downloads\skype-img-04-17-2013.zip (Backdoor.Bot) -> No action taken.
C:\Users\Karan\Downloads\Compressed\Beyond.Compare.Pro.v3.3.4.14431.Incl.Keymaker-CORE.rar (PUP.Keygen.Intro) -> No action taken.
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\adobe.acrobat.xi.pro.patch-MPT.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Program Files\Wondershare\Video Converter Ultimate\wondershare.video.converter.ultimate.6.x-patch.exe (PUP.Riskware.Patcher) -> No action taken.
C:\Program Files\EzySoft\EzyInv10\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Program Files\EzySoft\InstInvoiceCashBook10\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Program Files\Internet Download Manager\Patch 6.xx.exe (Riskware.Tool.CK) -> No action taken.
D:\Pen Drive\Make Windows Xp Genuine Forever (100-)mpr0k.blogspot.com.rar (PUP.RemoveWGA) -> No action taken.
D:\Pen Drive\MS OFF Check 1\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office 2010 Toolkit\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> No action taken.
D:\Samsung Backups\Backup\GT-N7100\GT-N7100_20130417062814\Others\Download\skype-img-04-17-2013.zip (Backdoor.Bot) -> No action taken.
D:\Softwares\Internet Download Manager 6.15 build 10 Final.zip (RiskWare.Tool.CK) -> No action taken.
D:\Softwares\PlatinumHideIP.3.2.8.8.rar (PUP.Riskware.Patcher) -> No action taken.
D:\Softwares\STOIK_Smart_Resizer_v3.0.0.3940.zip (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\ADOBE ACROBAT XI(11) PRO Keygen and patch.rar (PUP.Hacktool.Patcher) -> No action taken.
D:\Softwares\petaleech.com_Revo_Uninstaller_Pro_2.5.3_-_stevsinus030.rar (RiskWare.Tool.CK) -> No action taken.
D:\Softwares\Malwarebytes.Anti-Malware.PRO.v1.75.0.1&00.Incl.Keymaker.rar (Dont.Steal.Our.Software) -> No action taken.
D:\Softwares\455e106i455p106e.rar (PUP.Hacktool.Patcher) -> No action taken.
D:\Softwares\winrar 4.20 final activated-akhilesh910.zip (RiskWare.Tool.CK) -> No action taken.
D:\Softwares\Beyond.Compare.Pro.v3.3.4.14431.Incl.Keymaker-CORE\cr-rax03.zip (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\Beyond.Compare.Pro.v3.3.4.14431.Incl.Keymaker-CORE\cr-rax03\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\IncrediMail_2_6.29_Build_5139\IncrediMail 2 6.29 Build 5139\Patch for Win7\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
D:\Softwares\IncrediMail_2_6.29_Build_5139\IncrediMail 2 6.29 Build 5139\Patch for WinXP\incredimail.plus.v6.xx.xxxx.xp-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
D:\Softwares\Adobe Acrobat XI Pro v11.0.0 Multilanguage + Crack\Adobe Acrobat XI Pro v11.0.0\~Get Your Software Here\Crack\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\Adobe Acrobat XI Professional 11.0.3\keygen.rar (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\Adobe Acrobat XI Professional 11.0.3\keygen\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\Office.2010.Activator\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> No action taken.
D:\Softwares\MS Office 2010 activation\M O2010 act\zyberbackup.k.m.s.actv1.2_zyberakuma\zyberbackup.k.m.s.actv1.2_zyberakuma\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe (Riskware.Crk) -> No action taken.
D:\Softwares\ipb board new\Internet_D0wnl0ad_Manager_6.03_Beta_Build_2.rar (Riskware.Tool.CK) -> No action taken.
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\core.rar (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\core\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
D:\Softwares\Ezy Invoice Pro 10.6.3.11\ezyinvoice10.exe (PUP.SmsPay) -> No action taken.
D:\Softwares\Ezy Invoice Pro 10.6.3.11\Patch\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> No action taken.
D:\Softwares\Gaurav\Coral 13\keygen.exe (RiskWare.Tool.CK) -> No action taken.
D:\Softwares\Windows 8 & Office 2010\w8\win 8 personilazation.exe (Trojan.Dropper.SFX) -> No action taken.
D:\Softwares\Windows 8 & Office 2010\w8\win 8 personilazation.rar (Trojan.Dropper.SFX) -> No action taken.
D:\Softwares\Windows 8 & Office 2010\w8\win 8 personilazation\win 8 personilazation.exe (Trojan.Dropper.SFX) -> No action taken.
D:\USB Data\Office.2010.Activator\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> No action taken.
D:\Users\Mohit Jindal\Downloads\Compressed\brstream.com_IncrediMail_2_6.29_Build_5139.zip (PUP.Hacktool.Patcher) -> No action taken.
D:\Users\Mohit Jindal\Downloads\HI-Sharp\Make Windows Xp Genuine Forever (100-)mpr0k.blogspot.com.rar (PUP.RemoveWGA) -> No action taken.
D:\Users\Mohit Jindal\Downloads\HI-Sharp\Adobe_Acrobat_ProX_v_10.0.0.396.Multilingual_2\cr-20koe\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
 
(end)
________________________________________________________________________________________________________
 
 
DDS Log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16576
Run by Admin1 at 10:33:24 on 2013-07-22
#Option Extended Search is enabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.91.1033.18.1910.1013 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Connector\Connector.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
 
 
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Wondershare Video Converter Ultimate: {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - c:\program files\wondershare\video converter ultimate\SVRIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\admin1\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [uTorrent] "c:\users\admin1\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRunOnce: [PlatinumHideIPunstall] <no file>
StartupFolder: c:\users\admin1\appdata\roaming\micros~1\windows\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe
StartupFolder: c:\users\admin1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\admin1\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intern~1.lnk - c:\program files\internet download manager\IDMan.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
 
 
 
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C}\146535D4A4 : DHCPNameServer = 59.179.243.70 203.94.243.70
TCP: Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C}\16673797374756D637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C}\16673797374756D63713939323 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C}\37572686163786 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C}\44D2C496E6B6F5449425D2532343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{96183856-2A07-476B-B600-FE3B2BAFB645} : DHCPNameServer = 192.168.24.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin1\appdata\roaming\mozilla\firefox\profiles\3rydkq87.default-1361286208117\
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\micros~1\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\lattice\player3\npxvlplay.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\users\admin1\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_170.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_115.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-06-18 16:49; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files\wondershare\video converter ultimate\SVRFirefoxExt
FF - ExtSQL: 2013-06-18 17:28; support@platinumhideip.com; c:\users\admin1\appdata\roaming\mozilla\firefox\profiles\3rydkq87.default-1361286208117\extensions\support@platinumhideip.com.xpi
FF - ExtSQL: 2013-06-18 23:46; web2pdfextension@web2pdf.adobedotcom; c:\program files\adobe\acrobat 11.0\acrobat\browser\WCFirefoxExtn
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-1-10 87968]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-5-9 146592]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-5-9 76960]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-2-18 233472]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\hwdeviceservice.exe -/service --> c:\programdata\datacardservice\HWDeviceService.exe -/service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2012-8-1 13592]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-1-10 1816064]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-10-26 83184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-18 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2013-5-27 196616]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-4-18 1227800]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-4-18 659992]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-9 4153184]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-7-27 2320920]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-5-9 34976]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-5-9 259232]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-5-9 24736]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-5-9 175776]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-5-9 49312]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-5-9 141088]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-5-9 243872]
R3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\drivers\BthMtpEnum.sys [2009-7-14 51200]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-2-18 37344]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-3-19 73216]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-18 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2013-1-10 254608]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-8-14 552080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-2-6 585728]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-6-4 84248]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-3-19 102784]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2012-9-28 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-23 14848]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-6-10 27192]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-6-4 181912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-1-10 10496]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-23 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-8-3 1343400]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-8-27 105472]
.
=============== Created Last 60 ================
.
2013-07-22 04:49:47 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{03354b9e-3267-47fe-831c-75e1307b0335}\mpengine.dll
2013-07-20 14:22:15 -------- d-----w- c:\program files\PDF Password Remover
2013-07-20 14:08:46 -------- d-----w- c:\program files\Free PDF Unlocker
2013-07-20 07:10:09 -------- d-----w- c:\programdata\AheadPDF
2013-07-20 07:10:02 -------- d-----w- c:\program files\AheadPDF
2013-07-19 15:50:34 7143960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-17 11:17:20 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{edb6684a-fdea-4758-b992-ea4a75cdbf00}\gapaengine.dll
2013-07-16 07:07:46 -------- d-----w- c:\program files\ProxyShell
2013-07-16 03:55:11 -------- d-----w- c:\program files\gs
2013-07-15 18:09:08 -------- d-----w- c:\program files\Lattice
2013-07-15 18:07:22 -------- d-----w- c:\program files\common files\Corel
2013-07-15 18:06:11 -------- d-----w- c:\program files\common files\Protexis
2013-07-15 17:59:35 -------- d-----w- c:\program files\Corel
2013-07-15 17:31:31 -------- d-----w- c:\programdata\CorelDRAW Technical Suite X6
2013-07-03 08:43:30 -------- d-----w- c:\program files\Microsoft Games
2013-06-27 09:57:36 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-06-27 09:56:40 -------- d-----w- c:\program files\Microsoft SQL Server
2013-06-26 05:47:36 -------- d-----w- c:\program files\PhotoWipe
2013-06-26 05:07:48 -------- d-----w- c:\program files\Paint.NET
2013-06-26 05:07:07 -------- d-----w- c:\users\admin1\appdata\local\Paint.NET
2013-06-24 13:29:02 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{05846abb-5e66-4933-90ea-0f36beedb751}\gapaengine.dll
2013-06-23 12:34:27 -------- d-----w- c:\users\admin1\appdata\roaming\XnView
2013-06-23 12:33:54 -------- d-----w- c:\program files\XnView
2013-06-23 12:17:14 -------- d-----w- c:\users\admin1\appdata\local\RadiantViewer
2013-06-23 12:17:11 -------- d-----w- c:\programdata\RadiAntViewer
2013-06-23 12:17:10 -------- d-----w- c:\program files\RadiAntViewer32bit
2013-06-23 11:09:42 -------- d-----w- c:\program files\MriWatcher
2013-06-18 18:37:59 -------- d-----w- C:\inetpub
2013-06-18 11:24:53 -------- d-----w- c:\programdata\xml_param
2013-06-18 11:22:41 -------- d-----w- c:\users\admin1\appdata\roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-06-18 11:20:21 -------- d-----w- c:\users\admin1\appdata\local\Wondershare
2013-06-18 11:20:20 -------- d-----w- c:\program files\common files\Wondershare
2013-06-18 11:19:44 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate
2013-06-18 11:19:38 -------- d-----w- c:\program files\Wondershare
2013-06-18 08:01:08 -------- d-----w- c:\program files\Adobe Download Assistant
2013-06-17 15:17:23 -------- d-----w- c:\users\admin1\appdata\roaming\Nitro
2013-06-17 15:17:22 -------- d-----w- c:\users\admin1\appdata\roaming\FileOpen
2013-06-17 15:17:22 -------- d-----w- c:\programdata\FileOpen
2013-06-17 15:14:41 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-06-17 15:14:41 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2013-06-17 15:14:14 -------- d-----w- c:\program files\Nitro
2013-06-17 15:14:14 -------- d-----w- c:\program files\common files\Nitro
2013-06-17 15:14:11 -------- d-----w- c:\programdata\Nitro
2013-06-17 15:11:20 -------- d-----w- c:\users\admin1\appdata\roaming\Downloaded Installations
2013-06-10 13:43:02 -------- d-----w- c:\program files\MRIcro
2013-06-10 10:01:48 -------- d-----w- c:\users\admin1\appdata\local\VS Revo Group
2013-06-10 10:01:39 -------- d-----w- c:\programdata\VS Revo Group
2013-06-10 10:01:38 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-06-10 10:01:37 -------- d-----w- c:\program files\VS Revo Group
2013-06-05 09:44:38 821824 ----a-w- c:\windows\system32\dgderapi.dll
2013-06-04 03:45:02 84248 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 03:45:02 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-04 03:45:00 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-05-28 16:28:13 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2013-05-24 08:10:08 -------- d-----w- c:\users\admin1\appdata\roaming\EBBE
2013-05-23 09:09:41 -------- d-----w- c:\program files\EzySoft
.
==================== Find6M  ====================
.
2013-07-18 11:01:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 11:01:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-22 13:19:39 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-18 13:55:52 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-04-18 13:38:14 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-04-18 13:37:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2013-04-18 13:37:00 330240 ----a-w- c:\windows\MASetupCaller.dll
2013-04-18 13:37:00 30568 ----a-w- c:\windows\MusiccityDownload.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 09:20:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 00:06:01 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-04 00:05:52 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:53:27 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 03:33:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-02-27 05:05:53 101720 ----a-w- c:\windows\system32\consent.exe
2013-02-27 04:49:24 1796096 ----a-w- c:\windows\system32\authui.dll
2013-02-27 04:49:16 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 08:54:40 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-02-05 08:54:40 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-01-24 04:47:07 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
.
============= FINISH: 10:35:04.53 ===============
 
_________________________________________________________________________________________________________
 
Attach Log:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 27/Jul/2012 12:21:19
System Uptime: 21/Jul/2013 10:07:49 (24 hours ago)
.
Motherboard: Hewlett-Packard |  | 3674
Processor: Intel® Core™ i3 CPU       M 380  @ 2.53GHz | CPU | 2533/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 24.604 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 79.679 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP275: 15/Jul/2013 23:38:58 - Installed Runtime VS2005 SP1
RP277: 15/Jul/2013 23:39:28 - Installed Runtime VS2005 SP1 OpenMP 762
RP279: 15/Jul/2013 23:39:57 - Installed Runtime VS2005 SP1 All 6195
RP281: 15/Jul/2013 23:40:40 - Installed Runtime VS2008 CRT 1
RP283: 16/Jul/2013 09:20:29 - Installed XVL Player / XVL Player Pro (Ver. 9 or later)
RP285: 16/Jul/2013 09:21:31 - Installed Runtime VS2005 SP1 CRT 6195
RP287: 16/Jul/2013 09:23:03 - Installed Runtime VS2005 SP1 MFC 6195
RP289: 16/Jul/2013 12:37:41 - Revo Uninstaller Pro's restore point - Platinum Hide IP
RP291: 18/Jul/2013 21:13:44 - Microsoft Antimalware Checkpoint
RP292: 19/Jul/2013 21:19:42 - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat XI Pro
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Advanced Office Password Recovery
AMD APP SDK Runtime
AMD Catalyst Install Manager
ASF-AVI-RM-WMV Repair 2.01
Belarc Advisor 8.2
Beyond Compare Version 3.3.7
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bluetooth Win7 Suite
CaptureWizPro 5.00
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2011-11-11
Corel Graphics - Windows Shell Extension
CorelDRAW Technical Suite X6
CorelDRAW Technical Suite X6 - Capture
CorelDRAW Technical Suite X6 - Common
CorelDRAW Technical Suite X6 - Common Apps
CorelDRAW Technical Suite X6 - Connect
CorelDRAW Technical Suite X6 - Core
CorelDRAW Technical Suite X6 - Custom Data
CorelDRAW Technical Suite X6 - Designer
CorelDRAW Technical Suite X6 - Draw
CorelDRAW Technical Suite X6 - EN
CorelDRAW Technical Suite X6 - Filters
CorelDRAW Technical Suite X6 - FontNav
CorelDRAW Technical Suite X6 - IPM
CorelDRAW Technical Suite X6 - IPM Content
CorelDRAW Technical Suite X6 - IPM Lattice
CorelDRAW Technical Suite X6 - PHOTO-PAINT
CorelDRAW Technical Suite X6 - Photozoom Plugin
CorelDRAW Technical Suite X6 - Redist
CorelDRAW Technical Suite X6 - Setup Files
CorelDRAW Technical Suite X6 - VBA
CorelDRAW Technical Suite X6 - VideoBrowser
CorelDRAW Technical Suite X6 - VSTA
CorelDRAW Technical Suite X6 - Writing Tools
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
EditPlus 3
Elcomsoft Blackberry Backup Explorer
ESET Online Scanner v3
File Repair
FileHippo.com Update Checker
Free PDF Unlocker
FUDVROCX V1.0.3.26
Ghostscript GPL 8.64 (Msi Setup)
GIMP 2.8.2
Gmail Backup
Google Chrome
Google Desktop
Google Drive
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Product Detection
Instant Invoice n CashBook 10
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Internet Download Manager
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.75.0.1300
MBlaze
Microsoft .NET Framework 4 Client Profile
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2013
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Word MUI (English) 2010
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Word MUI (English) 2013
Microsoft_VC100_CRT_SP1_x86
MozBackup 1.5.1
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 21.0 (x86 en-US)
MRIcro (remove only)
MriWatcher 1.3.2
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nitro Pro 8
Nokia Connectivity Cable Driver
Nokia Suite
NXPowerLite
On-Time Attendance Management System Version 6.9
Outils de vérification linguistique 2013 de Microsoft Office - Français
Paint.NET v3.5.10
PC Connectivity Solution
PhotoWipe 1.21
ProxyShell Hide IP 7.3.1
Qualcomm Atheros Driver Installation Program
RadiAnt DICOM Viewer (32-bit)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Recover Keys
Reliance Netconnect - Broadband+
Revo Uninstaller Pro 3.0.5
Runtime VS2005 SP1
Runtime VS2005 SP1 All 6195
Runtime VS2005 SP1 CRT 6195
Runtime VS2005 SP1 MFC 6195
Runtime VS2005 SP1 OpenMP 762
Runtime VS2008 CRT 1
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
SkyHistory 1.2.3
Skype Click to Call
Skype™ 6.6
STOIK Smart Resizer 3
Synaptics TouchPad Driver
System Requirements Lab for Intel
Tata Photon+
TeamViewer 8
TimeAttendance v7.1
Unlocker 1.9.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
VLC media player 2.0.7
WampServer 2.4
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
WinHTTrack Website Copier 3.47-11
WinRAR 4.20 (32-bit)
Wisdom-soft ScreenHunter 6.0 Pro
Wondershare Video Converter Ultimate(Build 6.5.0.5)
XnView 2.03
XVL Player / XVL Player Pro (Ver. 9 or later)
XVL Studio 3D Corel Edition
.
==== Event Viewer Messages From Past Week ========
.
20/Jul/2013 19:45:15, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 38-AA-3C-05-4C-48. Network operations on this system may be disrupted as a result.
19/Jul/2013 21:18:27, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
18/Jul/2013 19:10:29, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.165.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
18/Jul/2013 19:10:28, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.165.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
18/Jul/2013 16:50:13, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
16/Jul/2013 09:20:23, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address B4-F2-E8-22-D5-81. Network operations on this system may be disrupted as a result.
15/Jul/2013 22:54:52, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {AC746233-E9D3-49CD-862F-068F7B7CCCA4} as /. The error: "2" Happened while starting this command: C:\Program Files\Internet Download Manager\IDMan.exe -Embedding
15/Jul/2013 20:18:03, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 105.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft....5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 2.1.9607.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
15/Jul/2013 20:18:03, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.1493.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft....5D-99752CCA7094   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
15/Jul/2013 20:18:03, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.1493.0   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Source Path: http://go.microsoft....5D-99752CCA7094   Signature Type: AntiSpyware   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x80072ee7   Error description: The server name or address could not be resolved 
15/Jul/2013 20:17:58, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.1493.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
15/Jul/2013 20:17:58, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.1493.0   Update Source: Microsoft Update Server   Update Stage: Download   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x80240022   Error description: The program can't check for definition updates. 
.
==== End Of File ===========================
________________________________________________________________________________________________________
 
 
Thanks in advance Broni.

Edited by Scorpy, 22 July 2013 - 05:27 AM.
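The "Event Viewer Messages From Past Week" section of the DDS attach log above is the kind of thing a helper scans by eye: the same Tcpip 4199 conflict for 192.168.1.3 reported against two different hardware addresses, and repeated Microsoft Antimalware 2001 signature-update failures with error codes 0x80240022 and 0x80072ee7. The script below is an added example, not part of the original post or of the DDS tool; it parses lines in that exact shape, tallies events per source/ID, pulls the error codes out of the messages, and reports an IP address only when more than one MAC has claimed it. The sample lines are constructed (shortened copies of the shape of the posted entries, not the full log), and the script draws no conclusion about the cause of the failures; it only makes the pattern countable.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: five lines in the shape of the DDS "Event Viewer Messages"
# section above (abbreviated; not the full text of the posted log).
SAMPLE_EVENTS = """\
20/Jul/2013 19:45:15, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 38-AA-3C-05-4C-48. Network operations on this system may be disrupted as a result.
18/Jul/2013 19:10:29, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   Update Source: Microsoft Update Server   Update Stage: Download   Error code: 0x80240022   Error description: The program can't check for definition updates.
16/Jul/2013 09:20:23, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address B4-F2-E8-22-D5-81. Network operations on this system may be disrupted as a result.
15/Jul/2013 22:54:52, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {AC746233-E9D3-49CD-862F-068F7B7CCCA4} as /. The error: "2" Happened while starting this command: C:\\Program Files\\Internet Download Manager\\IDMan.exe -Embedding
15/Jul/2013 20:18:03, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   Update Source: Microsoft Malware Protection Center   Update Stage: Search   Error code: 0x80072ee7   Error description: The server name or address could not be resolved
"""

# One DDS event line: "<dd/Mon/yyyy hh:mm:ss>, <Level>: <Source> [<id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$"
)
# "Error code: 0x80240022" inside an Antimalware message
CODE_RE = re.compile(r"Error code:\s*(0x[0-9A-Fa-f]+)")
# IP and MAC from a Tcpip 4199 address-conflict message
CONFLICT_RE = re.compile(
    r"address conflict for IP address (\S+) with the system having "
    r"network hardware address ([0-9A-F]{2}(?:-[0-9A-F]{2}){5})"
)


def parse_events(text):
    """Return one dict per parseable event line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%d/%b/%Y %H:%M:%S"),
            "level": d["level"],
            "source": d["source"],
            "id": int(d["id"]),
            "msg": d["msg"],
        })
    return events


def error_codes(events):
    """Count (source, error code) pairs found in message bodies."""
    counts = Counter()
    for e in events:
        m = CODE_RE.search(e["msg"])
        if m:
            counts[(e["source"], m.group(1).lower())] += 1
    return counts


def ip_conflicts(events):
    """IP -> set of MACs that claimed it; keep only IPs claimed by more than one MAC."""
    claims = defaultdict(set)
    for e in events:
        if e["source"] == "Tcpip" and e["id"] == 4199:
            m = CONFLICT_RE.search(e["msg"])
            if m:
                claims[m.group(1)].add(m.group(2))
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def triage(text):
    """Summary a helper would read before deciding what to ask for next."""
    events = parse_events(text)
    return {
        "events": len(events),
        "by_source": Counter((e["source"], e["id"]) for e in events),
        "error_codes": error_codes(events),
        "ip_conflicts": ip_conflicts(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Run it against the whole section of a DDS attach log (paste it into SAMPLE_EVENTS or read it from a file) and the output is a count per source/event ID, the error codes seen, and any IP claimed by two or more hardware addresses; a DHCP lease overlap and a rogue host look the same in this data, so the conflict list is a question to ask the owner, not a verdict.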


#2 Broni Re: [RESOLVED] Infected again.

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 34,841 posts
  • 1,990 topics
    • Time Online: 202d 22h 54m 16s
  • Joined October 04, 2004
  • Age: 59
  • Skin: Smartest wide
  • Local time: 04:44 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 22 July 2013 - 11:14 PM

Please, observe following rules:

  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

=================================

 

Your MBAM log says "No action taken".

Re-run MBAM, fix all issues and post new log.

 

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

 

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech....store-windows-8
- Windows 7: http://www.howtogeek...t-in-windows-7/
- Vista: http://www.howtogeek...system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt




#3 Scorpy Re: [RESOLVED] Infected again.


Posted 25 July 2013 - 08:18 AM

Right, Broni. Taken note of your instructions; will do the needful as advised and come back to you.

 

Thanks



#4 Scorpy Re: [RESOLVED] Infected again.


Posted 25 July 2013 - 12:05 PM

OK, here are the logs:

 

MBAM

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.25.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Admin1 :: MJ-LAPPY [administrator]

Protection: Enabled

25/Jul/2013 13:51:11
mbam-log-2013-07-25 (13-51-11).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 606366
Time elapsed: 1 hour(s), 46 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 35
C:\Program Files\EzySoft\EzyInv10\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Program Files\EzySoft\InstInvoiceCashBook10\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Program Files\Wondershare\Video Converter Ultimate\wondershare.video.converter.ultimate.6.x-patch.exe (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
C:\Users\Admin1\AppData\Roaming\IDM\DwnlData\Admin1\sHaRewbb_wdsvdeoconvert6505new_1749\sHaRewbb_wdsvdeoconvert6505new.rar (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
C:\Users\Admin1\Desktop\Ezy Invoice Pro\Ezy Invoice 10 Pro 10.6.3.11\Patch\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Users\Karan\Downloads\Compressed\Beyond.Compare.Pro.v3.3.4.14431.Incl.Keymaker-CORE.rar (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Pen Drive\Make Windows Xp Genuine Forever (100-)mpr0k.blogspot.com.rar (PUP.RemoveWGA) -> Quarantined and deleted successfully.
D:\Pen Drive\MS OFF Check 1\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office 2010 Toolkit\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\455e106i455p106e.rar (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\Softwares\Internet Download Manager 6.15 build 10 Final.zip (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\petaleech.com_Revo_Uninstaller_Pro_2.5.3_-_stevsinus030.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\STOIK_Smart_Resizer_v3.0.0.3940.zip (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\winrar 4.20 final activated-akhilesh910.zip (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\Adobe Acrobat XI Pro v11.0.0 Multilanguage + Crack\Adobe Acrobat XI Pro v11.0.0\~Get Your Software Here\Crack\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\Adobe Acrobat XI Professional 11.0.3\keygen\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\Beyond.Compare.Pro.v3.3.4.14431.Incl.Keymaker-CORE\cr-rax03.zip (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\Beyond.Compare.Pro.v3.3.4.14431.Incl.Keymaker-CORE\cr-rax03\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\Ezy Invoice Pro 10.6.3.11\ezyinvoice10.exe (PUP.SmsPay) -> Quarantined and deleted successfully.
D:\Softwares\Ezy Invoice Pro 10.6.3.11\Patch\ezy.invoice.10.pro.10.6.3.11-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\Softwares\Gaurav\Coral 13\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\IncrediMail_2_6.29_Build_5139\IncrediMail 2 6.29 Build 5139\Patch for Win7\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\Softwares\IncrediMail_2_6.29_Build_5139\IncrediMail 2 6.29 Build 5139\Patch for WinXP\incredimail.plus.v6.xx.xxxx.xp-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\Softwares\ipb board new\Internet_D0wnl0ad_Manager_6.03_Beta_Build_2.rar (Riskware.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\core.rar (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\core\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.
D:\Softwares\MS Office 2010 activation\M O2010 act\zyberbackup.k.m.s.actv1.2_zyberakuma\zyberbackup.k.m.s.actv1.2_zyberakuma\mini-KMS_Activator_v1.2_Office2010_VL_ENG.exe (Riskware.Crk) -> Quarantined and deleted successfully.
D:\Softwares\Office.2010.Activator\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Softwares\Windows 8 & Office 2010\w8\win 8 personilazation.exe (Trojan.Dropper.SFX) -> Quarantined and deleted successfully.
D:\Softwares\Windows 8 & Office 2010\w8\win 8 personilazation.rar (Trojan.Dropper.SFX) -> Quarantined and deleted successfully.
D:\Softwares\Windows 8 & Office 2010\w8\win 8 personilazation\win 8 personilazation.exe (Trojan.Dropper.SFX) -> Quarantined and deleted successfully.
D:\USB Data\Office.2010.Activator\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Users\Mohit Jindal\Downloads\Compressed\brstream.com_IncrediMail_2_6.29_Build_5139.zip (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\Users\Mohit Jindal\Downloads\HI-Sharp\Make Windows Xp Genuine Forever (100-)mpr0k.blogspot.com.rar (PUP.RemoveWGA) -> Quarantined and deleted successfully.
D:\Users\Mohit Jindal\Downloads\HI-Sharp\Adobe_Acrobat_ProX_v_10.0.0.396.Multilingual_2\cr-20koe\CORE10k.EXE (PUP.Keygen.Intro) -> Quarantined and deleted successfully.

(end)

________________________________________________________________________________________________________________________________

 

 

RogueKiller

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Admin1 [Admin rights]
Mode : Scan -- Date : 07/25/2013 16:06:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lm.licenses.adobe.com
 127.0.0.1 192.150.14.69
 127.0.0.1 192.150.18.101
 127.0.0.1 192.150.18.108
 127.0.0.1 192.150.22.40
 127.0.0.1 192.150.8.100
 127.0.0.1 192.150.8.118
 127.0.0.1 209-34-83-73.ood.opsource.net
 127.0.0.1 3dns-1.adobe.com
 127.0.0.1 3dns-2.adobe.com
 127.0.0.1 3dns-2.adobe.com
 127.0.0.1 3dns-3.adobe.com
 127.0.0.1 3dns-3.adobe.com
 127.0.0.1 3dns-4.adobe.com
 127.0.0.1 3dns.adobe.com
 127.0.0.1 activate-sea.adobe.com
 127.0.0.1 activate-sea.adobe.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 7ff588af4f2348d2d1272c467e4525c6
[BSP] b2daaaa5aac1d2841963857997880ae2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 205243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07252013_160610.txt >>


______________________________________________________________________________________________________________________________

 

Rootkit

 

No threat found.
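Two parts of the RogueKiller report above deserve a closer look than a "found" flag gives them. The HOSTS section maps Adobe licensing and activation hostnames (lm.licenses.adobe.com, activate.adobe.com, the 3dns-*.adobe.com names and others) to 127.0.0.1, which is the edit that Adobe-licensing "cracks" typically tell users to make; the thread does not say how they got there, but it fits the keygen and patcher files in the MBAM log. Some of the lines map an IP literal rather than a hostname, which does nothing, since the resolver never consults the hosts file for an address typed as an address. The "Registry Entries" section lists DisableTaskMgr and DisableRegistryTools policy values with data 0; RogueKiller flags that the values exist, and a data of 0 means the restriction is not currently enforced (1 would disable Task Manager or the registry editor). The script below is an added example, not part of the original post or of RogueKiller; it parses both sections from text in the report's shape, classifies each hosts entry, counts sinkholed names per parent domain, and reads each policy line into a record with an "active" flag. The sample inputs are constructed (a subset of the posted entries plus a localhost line and a comment).

```python
import re
from collections import Counter

# Constructed sample in the shape of the HOSTS section of the RogueKiller
# report above (a subset of its entries plus a comment and a localhost line).
SAMPLE_HOSTS = """\
# a comment line, ignored
127.0.0.1 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lm.licenses.adobe.com
 127.0.0.1 192.150.14.69
 127.0.0.1 209-34-83-73.ood.opsource.net
 127.0.0.1 3dns-2.adobe.com
 127.0.0.1 3dns-2.adobe.com
"""

# Constructed sample in the shape of the "Registry Entries" section above.
SAMPLE_POLICY = r"""[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
IPV4_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# "[HJ POL] <hive>\[...]\<key> : <value> (<data>) -> FOUND"
POLICY_RE = re.compile(
    r"\[HJ POL\]\s+(HK\w+)\\\[\.\.\.\]\\(\w+)\s*:\s*(\w+)\s*\((\d+)\)\s*->\s*FOUND"
)


def parse_hosts(text):
    """Yield (address, hostname) for every name on every non-comment line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        for name in names:
            yield addr, name.lower()


def classify(addr, name):
    """Label one hosts entry by what it actually does to name resolution."""
    if name in LOCAL_NAMES:
        return "ok"
    if IPV4_LITERAL.match(name):
        return "ip-literal"   # hosts maps names; an IP literal here changes nothing
    if addr in LOOPBACK:
        return "sinkholed"    # name silently pointed at this machine
    return "remapped"         # name pointed at some other address


def audit_hosts(text):
    """Return one finding per non-local entry, marking exact repeats as duplicates."""
    findings, seen = [], set()
    for addr, name in parse_hosts(text):
        kind = classify(addr, name)
        if kind == "ok":
            continue
        findings.append({"addr": addr, "name": name, "kind": kind,
                         "duplicate": (addr, name) in seen})
        seen.add((addr, name))
    return findings


def sinkholed_domains(findings):
    """Count sinkholed names by their last two labels, e.g. 'adobe.com'."""
    counts = Counter()
    for f in findings:
        if f["kind"] == "sinkholed":
            counts[".".join(f["name"].split(".")[-2:])] += 1
    return counts


def parse_policy_lines(text):
    """Read '[HJ POL]' lines; 'active' is True only when the data is non-zero."""
    records = []
    for hive, key, value, data in POLICY_RE.findall(text):
        records.append({"hive": hive, "key": key, "value": value,
                        "data": int(data), "active": int(data) != 0})
    return records


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    for f in found:
        print(f"{f['kind']:10} {f['addr']:10} {f['name']}{'  (dup)' if f['duplicate'] else ''}")
    print("sinkholed per domain:", dict(sinkholed_domains(found)))
    for p in parse_policy_lines(SAMPLE_POLICY):
        print(p)
```

The per-domain count is the useful output: a hosts file that sinkholes dozens of names under one vendor's domain is a license-evasion edit, not something a malware helper needs to chase as an infection, though it still belongs in the cleanup. A policy value with data 0 is worth noting only because the value exists at all; it would become a real finding if the data were 1.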
 



#5 Broni Re: [RESOLVED] Infected again.


Posted 25 July 2013 - 11:43 PM

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech....store-windows-8
- Windows 7: http://www.howtogeek...t-in-windows-7/
- Vista: http://www.howtogeek...system-restore/
- XP: http://support.microsoft.com/kb/948247

 

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.


NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingc...ad/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingc...ad/rkill/dl/11/

Restart the computer in Safe Mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.




#6 Scorpy Re: [RESOLVED] Infected again.

Scorpy, Member (Topic Starter)

Posted 26 July 2013 - 03:41 PM

Combofix:

ComboFix 13-07-24.03 - Admin1 6/Jul/2013  20:27:56.3.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.91.1033.18.1910.777 [GMT 5.5:30]
Running from: c:\users\Admin1\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-26 to 2013-07-26  )))))))))))))))))))))))))))))))
.
.
2013-07-26 15:07 . 2013-07-26 15:07    --------    d-----w-    c:\users\User\AppData\Local\temp
2013-07-26 15:07 . 2013-07-26 15:07    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-07-26 15:07 . 2013-07-26 15:07    --------    d-----w-    c:\users\Mohit Jindal\AppData\Local\temp
2013-07-26 15:07 . 2013-07-26 15:07    --------    d-----w-    c:\users\Malisa\AppData\Local\temp
2013-07-26 15:07 . 2013-07-26 15:07    --------    d-----w-    c:\users\Karan\AppData\Local\temp
2013-07-26 14:53 . 2013-07-26 14:53    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066005C1-0546-427C-AC5D-66EB077A65B4}\MpKsl47ef535c.sys
2013-07-26 13:28 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066005C1-0546-427C-AC5D-66EB077A65B4}\mpengine.dll
2013-07-25 12:59 . 2013-07-25 12:59    --------    d-----w-    c:\program files\Common Files\Java
2013-07-25 12:58 . 2013-07-25 12:58    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-25 12:58 . 2013-07-25 12:58    --------    d-----w-    c:\program files\Java
2013-07-25 12:51 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 11:01 . 2013-07-25 12:02    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-25 09:26 . 2013-07-25 09:30    --------    d-----w-    c:\program files\KMSpico
2013-07-24 16:04 . 2013-07-24 16:04    --------    d-----w-    c:\users\Admin1\AppData\Roaming\Samsung
2013-07-24 16:03 . 2013-06-21 00:07    181912    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-07-24 16:03 . 2013-06-21 00:07    84248    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-07-24 15:52 . 2013-06-14 14:26    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2013-07-23 07:08 . 2013-07-23 07:08    --------    d-----w-    c:\program files\RKComputer
2013-07-22 15:42 . 2013-06-06 06:24    19448    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2013-07-22 15:39 . 2013-06-06 06:24    25088    ----a-w-    c:\windows\system32\drivers\teamviewervpn.sys
2013-07-20 14:22 . 2013-07-20 14:25    --------    d-----w-    c:\program files\PDF Password Remover
2013-07-20 14:08 . 2013-07-20 14:08    --------    d-----w-    c:\program files\Free PDF Unlocker
2013-07-20 07:10 . 2013-07-20 07:10    --------    d-----w-    c:\programdata\AheadPDF
2013-07-20 07:10 . 2013-07-20 07:10    --------    d-----w-    c:\program files\AheadPDF
2013-07-19 12:06 . 2013-06-27 09:57    104928    ----a-w-    c:\windows\system32\drivers\idmwfp.sys
2013-07-17 11:17 . 2013-07-17 11:16    698504    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDB6684A-FDEA-4758-B992-EA4A75CDBF00}\gapaengine.dll
2013-07-16 07:07 . 2013-07-16 07:07    --------    d-----w-    c:\program files\ProxyShell
2013-07-16 03:55 . 2013-07-16 03:55    --------    d-----w-    c:\program files\gs
2013-07-15 18:09 . 2013-07-16 03:53    --------    d-----w-    c:\program files\Lattice
2013-07-15 18:07 . 2013-07-15 18:07    --------    d-----w-    c:\program files\Common Files\Corel
2013-07-15 18:06 . 2013-07-15 18:06    --------    d-----w-    c:\program files\Common Files\Protexis
2013-07-15 17:59 . 2013-07-15 17:59    --------    d-----w-    c:\program files\Corel
2013-07-15 17:31 . 2013-07-16 03:59    --------    d-----w-    c:\programdata\CorelDRAW Technical Suite X6
2013-07-03 08:43 . 2013-07-03 08:43    --------    d-----w-    c:\program files\Microsoft Games
2013-06-27 09:57 . 2013-06-27 09:57    --------    d-----w-    c:\programdata\regid.1991-06.com.microsoft
2013-06-27 09:56 . 2013-06-27 09:57    --------    d-----w-    c:\program files\Microsoft SQL Server
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 09:59 . 2012-07-31 08:13    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 09:59 . 2012-07-31 08:13    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-25 12:58 . 2012-07-31 05:17    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-25 12:58 . 2012-07-31 05:17    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-24 13:24 . 2012-10-01 05:40    724464    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 14:27 . 2012-11-17 10:01    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2013-06-14 14:26 . 2013-06-14 14:26    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2013-06-14 14:26 . 2013-06-14 14:26    330240    ----a-w-    c:\windows\MASetupCaller.dll
2013-06-14 14:26 . 2013-06-14 14:26    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2013-06-04 03:45 . 2013-06-04 03:45    581192    ----a-w-    c:\windows\system32\WinUSBCoInstaller.dll
2013-05-27 08:23 . 2013-06-17 15:14    27144    ----a-w-    c:\windows\system32\nitrolocalmon2.dll
2013-05-27 08:23 . 2013-06-17 15:14    18440    ----a-w-    c:\windows\system32\nitrolocalui2.dll
2013-05-18 11:01 . 2013-05-18 11:01    166968    ----a-r-    c:\users\Admin1\AppData\Roaming\Microsoft\Installer\{2D61B00C-6068-456D-A851-10AC57E7EFE1}\ARPPRODUCTICON.exe
2013-05-02 15:28 . 2012-07-27 07:11    238872    ------w-    c:\windows\system32\MpSigStub.exe
2012-09-28 08:27 . 2013-07-04 08:08    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-08-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 15:03    1720976    ----a-w-    c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 15:03    1720976    ----a-w-    c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 15:03    1720976    ----a-w-    c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\users\Admin1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\users\Admin1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\users\Admin1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12    130736    ----a-w-    c:\users\Admin1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 18:27    578512    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 18:27    578512    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 18:27    578512    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 18:27    578512    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 18:27    578512    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 18:27    578512    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-07-19 3612240]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-07-15 1564016]
"uTorrent"="c:\users\Admin1\AppData\Roaming\uTorrent\uTorrent.exe" [2013-07-25 1150544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2012-09-28 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 177984]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-05-09 498848]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-05-09 302240]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2000-01-01 5708432]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-07-15 311152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Karan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-7-3 29337928]
.
c:\users\Admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-7-3 29337928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Internet Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Internet Download Manager.lnk
backup=c:\windows\pss\Internet Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkyHistory.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SkyHistory.lnk
backup=c:\windows\pss\SkyHistory.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk]
path=c:\users\Admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Admin1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-02-06 585728]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-03-19 102784]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2012-09-28 30192]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2000-01-01 87968]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-09 146592]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-05-09 76960]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-02-05 233472]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2000-01-01 1816064]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-06-27 104928]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-09 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-09 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-09 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-09 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-09 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-09 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-09 243872]
S3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 51200]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-03-19 73216]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MPKSL47EF535C
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 09:59]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-18 08:55]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-18 08:55]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55597573-93150469-1764227096-1001Core.job
- c:\users\Admin1\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-28 10:05]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55597573-93150469-1764227096-1001UA.job
- c:\users\Admin1\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-28 10:05]
.
.
------- Supplementary Scan -------
.


IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-18 16:49; {8D150B8F-EFE8-45a3-A4A3-053020F48FAC}; c:\program files\Wondershare\Video Converter Ultimate\SVRFirefoxExt
FF - ExtSQL: 2013-06-18 17:28; support@platinumhideip.com; c:\users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\support@platinumhideip.com.xpi
FF - ExtSQL: 2013-06-18 23:46; web2pdfextension@web2pdf.adobedotcom; c:\program files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2013-07-26 19:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*͑}T
T]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*͑}T
T\OpenWithList]
@Class="Shell"
"a"="Skype.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*͑}T
T]
@Allowed: (Read) (RestrictedCode)
"0"=hex:55,00,70,00,67,00,72,00,61,00,64,00,65,00,54,00,6f,00,6f,00,6c,00,5f,
   00,45,00,6e,00,67,00,5f,00,56,00,31,00,2e,00,32,00,2e,00,30,00,2e,00,30,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001_Classes\CLSID\{1536ec9a-d119-4076-b361-ab258c0a351c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011a
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):37,bd,eb,a4,2b,10,ab,70,d5,31,30,12,7f,ee,c3,27,27,a5,83,91,1a,
   f5,22,59,ae,c4,fe,8f,76,bc,2b,21,a3,62,00,e3,ce,38,b7,0c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-26  20:39:35
ComboFix-quarantined-files.txt  2013-07-26 15:09
.
Pre-Run: 21,494,513,664 bytes free
Post-Run: 21,341,548,544 bytes free
.
- - End Of File - - DBE85444C204FAE1CAD0700DE4CC00CA
A36C5E4F47E84449FF07ED3517B43A31
 

______________________________________________________________________________________________________________________________

Rkill log (run in normal mode):

Rkill 2.5.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 07/26/2013 09:07:21 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\system32\FsUsbExService.Exe (PID: 2032) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 8,11,520 : 08/28/2012 12:34 AM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 8,11,520 : 11/21/2010 02:59 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/26/2013 09:07:38 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
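The two logs above point at the same pair of files: ComboFix's Sigcheck section marks the live System32 copy of user32.dll "[-]" and Rkill marks it "[NoSig]", and both print a different hash for the WinSxS component-store copy that carries the same version string. The script below is an added example for this thread, not code from ComboFix, Rkill or either poster. It parses both listing formats (assumed to be exactly as printed above), pairs each live file with its WinSxS copy by file name, and reports every pair whose hashes disagree. The sample lines are copied from the two logs posted above.

```python
"""Pair each live system file in a ComboFix "Sigcheck" listing or an Rkill
"Missing Digital Signatures" listing with its WinSxS component-store copy
and report the pairs whose hashes disagree."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the lines copied from the two logs posted above.
COMBOFIX_SIGCHECK = r"""
[-] 2012-08-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
"""
RKILL_SIGNATURES = r"""
 * C:\Windows\System32\user32.dll : 8,11,520 : 08/28/2012 12:34 AM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 8,11,520 : 11/21/2010 02:59 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
"""

# ComboFix: "[status] date . MD5 . size . . [version] . . path"; "[-]" = not verified
COMBOFIX_RE = re.compile(
    r"^\[(?P<status>[^\]]*)\] \S+ \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+?)\s*$"
)
# Rkill: " * path : size : date : md5 [tag]", "+->" introduces the WinSxS candidate
RKILL_RE = re.compile(
    r"^\s*(?:\*|\+->)\s+(?P<path>.+?) : (?P<size>[\d,]+) : .+? : "
    r"(?P<md5>[0-9A-Fa-f]{32}) \[(?P<tag>[^\]]+)\]\s*$"
)
# Rkill prints no version, so recover it from the WinSxS component directory name
WINSXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass
class Entry:
    path: str
    md5: str
    size: int
    version: Optional[str]
    unverified: bool          # "[-]" in ComboFix, "[NoSig]" in Rkill

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Finding:
    name: str
    live_path: str
    live_md5: str
    store_md5: str
    live_unverified: bool
    same_version: Optional[bool]   # None when one side carries no version


def parse_line(line: str) -> Optional[Entry]:
    m = COMBOFIX_RE.match(line)
    if m:
        return Entry(m["path"], m["md5"].upper(), int(m["size"]),
                     m["version"] or None, m["status"].strip() == "-")
    m = RKILL_RE.match(line)
    if m:
        v = WINSXS_VERSION_RE.search(m["path"])
        return Entry(m["path"], m["md5"].upper(), int(m["size"].replace(",", "")),
                     v.group(1) if v else None, m["tag"].strip() == "NoSig")
    return None


def triage(log_text: str) -> List[Finding]:
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    live = [e for e in entries if not e.in_winsxs]
    store = [e for e in entries if e.in_winsxs]
    findings: List[Finding] = []
    for lv in live:
        for st in store:
            if st.name != lv.name or st.md5 == lv.md5:
                continue   # different file, or identical content: nothing to report
            same = (lv.version == st.version) if lv.version and st.version else None
            findings.append(Finding(lv.name, lv.path, lv.md5, st.md5, lv.unverified, same))
    return findings


if __name__ == "__main__":
    for f in triage(COMBOFIX_SIGCHECK) + triage(RKILL_SIGNATURES):
        print(f"{f.name}: live {f.live_md5} vs store {f.store_md5} "
              f"(unverified={f.live_unverified}, same version={f.same_version})")
```

A mismatch is a lead, not a verdict: the ComboFix log itself notes that unsigned files aren't necessarily malware. What makes this pair worth a second look is that on Windows 7 the System32 file is normally a hard link to the current WinSxS copy, so "same version, different hash, no valid signature" is the combination to chase. On the machine, `sfc /scannow` compares protected system files against the component store and restores them from it, which is what Rkill's "[Pos Repl]" (possible replacement) marker is pointing at.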

____________________________________________________________________________________________________________________________
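ComboFix's "Reg Loading Points" section is the part of the log a reviewer reads first, because it lists what starts without the user asking. The script below is a first-pass triage of that section, added here as an example; it is not ComboFix's own logic and not anything posted in the thread, and it assumes the section format exactly as printed above. Run values and Startup-folder shortcuts whose target lives under a user-writable path (Users, ProgramData, Temp) are flagged, a Startup shortcut that points into a different user's profile is flagged separately, and the UAC values under policies\system are compared against their Windows 7 defaults. The excerpt is constructed from lines in the ComboFix log above.

```python
"""First-pass triage of a ComboFix "Reg Loading Points" section: autoruns
from user-writable paths, Startup shortcuts that cross user profiles, and UAC
policy values that differ from their Windows 7 defaults."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: lines taken from the ComboFix log posted above.
REG_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-07-19 3612240]
"uTorrent"="c:\users\Admin1\AppData\Roaming\uTorrent\uTorrent.exe" [2013-07-25 1150544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2000-01-01 5708432]
.
c:\users\Karan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-7-3 29337928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
LNK_RE = re.compile(r"^(?P<lnk>.+?\.lnk) - (?P<target>.+?)(?: \[[^\]]*\])?$")
PROFILE_RE = re.compile(r"^[a-z]:\\users\\(?P<user>[^\\]+)\\", re.I)
WRITABLE_RE = re.compile(r"\\(?:users|programdata|temp)\\", re.I)

# Windows 7 defaults for the UAC values ComboFix prints from policies\system
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "PromptOnSecureDesktop": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
}


@dataclass
class Finding:
    rule: str
    subject: str
    detail: str


def triage(section: str) -> List[Finding]:
    findings: List[Finding] = []
    key: Optional[str] = None            # registry key currently being listed
    startup_owner: Optional[str] = None  # owner of the Startup folder being listed
    for raw in section.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            key, startup_owner = key_match["key"].lower(), None
            continue
        if line.lower().endswith("\\startup\\"):
            owner = PROFILE_RE.match(line)
            key, startup_owner = None, (owner["user"].lower() if owner else "all users")
            continue
        if key and key.endswith("\\run"):
            value = VALUE_RE.match(line)
            if value and WRITABLE_RE.search(value["path"]):
                findings.append(Finding("user-writable autorun", value["name"], value["path"]))
        elif key and key.endswith("\\policies\\system"):
            policy = POLICY_RE.match(line)
            if policy and policy["name"] in UAC_DEFAULTS:
                default = UAC_DEFAULTS[policy["name"]]
                if int(policy["value"]) != default:
                    findings.append(Finding("uac policy changed", policy["name"],
                                            f"{policy['value']} (default {default})"))
        elif startup_owner:
            lnk = LNK_RE.match(line)
            if not lnk:
                continue
            target = lnk["target"].split(" /")[0]   # drop switches such as /systemstartup
            if WRITABLE_RE.search(target):
                findings.append(Finding("user-writable autorun", lnk["lnk"], target))
            profile = PROFILE_RE.match(target)
            if profile and profile["user"].lower() != startup_owner:
                findings.append(Finding("cross-profile startup shortcut", lnk["lnk"], target))
    return findings


if __name__ == "__main__":
    for f in triage(REG_LOADING_POINTS):
        print(f"{f.rule:32} {f.subject:24} {f.detail}")
```

Flagged does not mean malicious: uTorrent and Dropbox install into the user profile by design. The point of the rules is to make the reviewer look at the targets that any code running as that user could replace, at a shortcut in one user's Startup folder that launches a binary out of another user's profile, and at the policy values. PromptOnSecureDesktop=0 in particular means UAC prompts are drawn on the normal desktop rather than the secure desktop, where other running programs cannot draw over them or drive them.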



#7 Broni Re: [RESOLVED] Infected again.

Broni, Administrator - Malware Annihilator

Posted 26 July 2013 - 09:39 PM

Looks good.

How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Download OTL to your Desktop.
Alternate download: http://www.itxassoci...T-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.




#8 Scorpy Re: [RESOLVED] Infected again.

Scorpy, Member (Topic Starter)

Posted 27 July 2013 - 11:51 AM

I don't know what the cause is, but for some odd reason OTL refuses to run on my machine. Maybe you can make out something from the enclosed screenshot.


[screenshot: Ak5rnXa.png]

JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Professional x86
Ran by Admin1 on 27/Jul/2013 at 16:03:56.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Admin1\AppData\Roaming\mozilla\firefox\profiles\3rydkq87.default-1361286208117\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/Jul/2013 at 16:06:14.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:


# AdwCleaner v2.306 - Logfile created 07/27/2013 at 15:56:20
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Admin1 - MJ-LAPPY
# Boot Mode : Normal
# Running from : C:\Users\Admin1\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Admin1\AppData\Local\Wondershare

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Karan\AppData\Roaming\Mozilla\Firefox\Profiles\0so6hksi.default\prefs.js

[OK] File is clean.

File : C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\prefs.js

C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1780 octets] - [23/04/2013 10:55:09]
AdwCleaner[S2].txt - [2617 octets] - [27/07/2013 15:56:20]

########## EOF - C:\AdwCleaner[S2].txt - [2677 octets] ##########

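Reading a log like the one above by hand is fine for thirteen keys; a parser pays off when the same questions have to be answered across many logs or many machines. The script below is an added example, not part of this thread and not AdwCleaner's own code. It parses the "[Delete]" log format shown in the post above (lines copied from that log are embedded as the sample input), groups what was removed, collects the add-on GUIDs, checks whether each deleted BHO's CLSID registration was deleted with it, and lists which user profiles the tool touched. The function names and the category labels are this example's own vocabulary.

```python
"""Triage helper for an AdwCleaner '[Delete]' log (added example, not AdwCleaner code)."""
import re
from collections import Counter, defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ACTION_RE = re.compile(r"^(Key|Value|File|Folder) Deleted : (.+)$")
USERJS_RE = re.compile(r"^(.+?) \.\.\. Deleted !$")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\")

# Registry locations a browser hijacker registers in; the labels are this example's own.
REG_CLASSES = [
    ("\\explorer\\browser helper objects\\", "BHO"),
    ("\\internet explorer\\extensions\\", "IE extension"),
    ("\\currentversion\\ext\\settings\\", "IE add-on settings"),
    ("\\currentversion\\ext\\stats\\", "IE add-on stats"),
    ("\\classes\\clsid\\", "COM class"),
    ("\\classes\\appid\\", "COM AppID"),
    ("\\classes\\interface\\", "COM interface"),
]

def classify(kind, target):
    """Label one deleted object by where it lived."""
    low = target.lower()
    if kind == "Key":
        for fragment, label in REG_CLASSES:
            if fragment in low:
                return label
        return "other registry key"
    if kind == "File" and low.endswith(".xpi"):
        return "Firefox extension"
    return kind.lower() + " on disk"

def parse_log(text):
    """Walk the log once; collect deletions, GUIDs, user profiles and removed user.js files."""
    f = {
        "by_kind": Counter(),        # Key / File / Folder deletions
        "by_class": Counter(),       # labels from classify()
        "guids": defaultdict(set),   # GUID -> set of labels it was deleted under
        "profiles": set(),           # C:\Users\<name> seen anywhere in the log
        "prefs_deleted": [],         # Firefox user.js files the tool removed
    }
    for raw in text.splitlines():
        line = raw.strip()
        f["profiles"].update(PROFILE_RE.findall(line))
        m = ACTION_RE.match(line)
        if m:
            kind, target = m.groups()
            label = classify(kind, target)
            f["by_kind"][kind] += 1
            f["by_class"][label] += 1
            for guid in GUID_RE.findall(target):
                f["guids"][guid.upper()].add(label)
            continue
        m = USERJS_RE.match(line)
        if m:
            f["prefs_deleted"].append(m.group(1))
    return f

def bho_removal_status(findings):
    """For each GUID deleted as a BHO: was its CLSID registration deleted too?
    A CLSID left behind means the add-on DLL is still a registered COM class."""
    return {guid: "COM class" in labels
            for guid, labels in findings["guids"].items() if "BHO" in labels}

def report(text):
    """Human-readable summary of parse_log() plus the BHO check."""
    f = parse_log(text)
    out = [f"deleted: {dict(f['by_kind'])}", f"by class: {dict(f['by_class'])}"]
    out += [f"{g}: {', '.join(sorted(labels))}" for g, labels in sorted(f["guids"].items())]
    out += [f"BHO {g}: CLSID {'also removed' if ok else 'still registered'}"
            for g, ok in bho_removal_status(f).items()]
    out.append(f"profiles touched: {sorted(f['profiles'])}")
    out.append(f"user.js removed: {f['prefs_deleted']}")
    return "\n".join(out)

# Sample input: action lines copied from the AdwCleaner[S2] log posted above.
SAMPLE_LOG = r"""
File Deleted : C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Admin1\AppData\Local\Wondershare
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
File : C:\Users\Karan\AppData\Roaming\Mozilla\Firefox\Profiles\0so6hksi.default\prefs.js
C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\user.js ... Deleted !
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Two things the script surfaces that are easy to miss when skimming: the same GUID {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} was registered in four places (BHO, CLSID, Ext\Settings and Ext\Stats), which is the normal footprint of an IE toolbar rather than four separate findings, and AdwCleaner also inspected a second Windows profile (C:\Users\Karan), so a reinfection can come from an account other than the one being cleaned. The deleted user.js matters because Firefox re-applies user.js over prefs.js at every start, which is how hijacked home-page and search settings survive being corrected in the browser UI. The log only records what the tool deleted; confirming that nothing remains means re-reading the Browser Helper Objects and CLSID keys on the live machine, and on a 64-bit Windows install also the Wow6432Node mirror, which this 32-bit system does not have.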



#9 Broni Re: [RESOLVED] Infected again.

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 34,841 posts
  • 1,990 topics
    • Time Online: 202d 22h 54m 16s
  • Joined October 04, 2004
  • Age: 59
  • Skin: Smartest wide
  • Local time: 04:44 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 27 July 2013 - 11:43 PM

Delete your OTL file, download a fresh one and try again.




#10 Scorpy Re: [RESOLVED] Infected again.


Posted 29 July 2013 - 06:06 AM

I already did that, not once but several times, before notifying you, but to no avail.



#11 Scorpy Re: [RESOLVED] Infected again.


Posted 29 July 2013 - 06:34 AM

OK, I was finally able to get this OTL working. I saved it to some other location and it worked. Here are the logs:


OTL logfile created on: 29/Jul/2013 11:38:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Softwares\ipb board new
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd/MMM/yyyy
 
1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 25.22% Memory free
3.73 Gb Paging File | 1.63 Gb Available in Paging File | 43.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 21.43 Gb Free Space | 21.97% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 79.66 Gb Free Space | 39.74% Space Free | Partition Type: NTFS
 
Computer Name: MJ-LAPPY | User Name: Admin1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/29 11:37:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Softwares\ipb board new\OTL.exe
PRC - [2013/07/27 22:03:53 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/27 08:31:37 | 003,624,528 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/07/25 18:50:20 | 001,150,544 | ---- | M] (BitTorrent Inc.) -- C:\Users\Admin1\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/07/15 19:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/07/15 19:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/12 07:45:27 | 011,596,128 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/07/12 07:45:27 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/07/08 16:29:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/07/03 06:23:20 | 029,337,928 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin1\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/27 13:54:38 | 000,196,616 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
PRC - [2013/04/18 19:26:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2013/04/18 19:26:14 | 000,659,992 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2013/04/18 19:26:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/05 14:24:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/12/12 19:14:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/11/30 08:25:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 08:18:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/13 13:30:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
PRC - [2012/05/13 13:30:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
PRC - [2012/04/19 16:02:32 | 008,177,664 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
PRC - [2011/11/07 20:02:04 | 000,651,776 | ---- | M] () -- C:\Program Files\Connector\Connector.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/05/09 18:28:38 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/05/09 18:27:12 | 000,498,848 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2011/05/09 18:27:08 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
PRC - [2011/05/09 18:27:06 | 000,076,960 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 02:59:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2010/07/23 11:43:54 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/23 11:43:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/07/05 01:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2000/01/01 05:30:00 | 005,708,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2000/01/01 05:30:00 | 001,816,064 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2000/01/01 05:30:00 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/27 22:03:30 | 003,536,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/24 21:37:48 | 017,281,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\f36d01f0615aa40928fefdf801472e2a\Kies.Theme.ni.dll
MOD - [2013/07/24 21:37:46 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\aa0be41abad2c6f8a55c257eac16e1dc\DummyStorePlugin.ni.dll
MOD - [2013/07/24 21:37:45 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\6039d6f4f12010962db3def6ed073f84\DeviceStoryAlbum.ni.dll
MOD - [2013/07/24 21:37:44 | 000,616,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\fede8f78f7ccad2a04b5e338bc312793\DevicePodcast.ni.dll
MOD - [2013/07/24 21:37:42 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\965a4db4fdabc1ff4deced8ae0eaeaef\DeviceVideo.ni.dll
MOD - [2013/07/24 21:37:41 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\33676f5b6ecef3bd41f763e0b5a2b12f\DevicePhoto.ni.dll
MOD - [2013/07/24 21:37:39 | 000,309,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\22890278a3426f7811988ee48b355064\DeviceMusic.ni.dll
MOD - [2013/07/24 21:37:38 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\a0256c1b462c031ba4a1edfc643c5614\VideoManager.ni.dll
MOD - [2013/07/24 21:37:37 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\ee81dab81dec9886a8da4382f2e7856d\PhotoManager.ni.dll
MOD - [2013/07/24 21:37:34 | 001,992,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\d961e06ff3c006a9f2571dc9b6e17b20\Phonebook.ni.dll
MOD - [2013/07/24 21:37:27 | 000,207,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\9ec2bfce146af189ec3c8869171c6b48\StoryAlbumManager.ni.dll
MOD - [2013/07/24 21:37:26 | 000,945,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\6da8ac2f1085abfe2aa4468849c9c795\MusicManager.ni.dll
MOD - [2013/07/24 21:37:22 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\ae08acf50cbd5d3dca4e087f24662de4\BATPlugin.ni.dll
MOD - [2013/07/24 21:37:12 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\6851a04853a714755f94044f73ba501b\Kies.Common.StoreManager.ni.dll
MOD - [2013/07/24 21:37:10 | 000,534,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\0f7bc7b69499576a0fed095593ad1844\Kies.Common.MediaDB.ni.dll
MOD - [2013/07/24 21:37:08 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\d30dd594f264c0bdcc68e2bbff360cfd\ASF_cSharpAPI.ni.dll
MOD - [2013/07/24 21:37:07 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\15ecea97d261b70731d99e46f3ad00bf\Kies.Common.AllShare.ni.dll
MOD - [2013/07/24 21:37:05 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\98cb0efc47e67d0722dd3cdab876ab83\Kies.Common.DBManager.ni.dll
MOD - [2013/07/24 21:37:04 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c0a8d6fe928024ac593cf01dbafed80e\Kies.Common.CRMManager.ni.dll
MOD - [2013/07/24 21:37:03 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b150018b63c1ad2447859160e2cb88d5\Podcaster.ni.dll
MOD - [2013/07/24 21:37:00 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\29bc4b891485857b4ce4fdad36613628\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/07/24 21:36:59 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\38b36aadd0843139737301c09151b528\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/07/24 21:36:58 | 000,178,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\40256ddc5be87c7f2d3fb6867685b6c1\Interop.DevFileServiceLib.ni.dll
MOD - [2013/07/24 21:36:57 | 000,581,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\09b4bd3a4dfb9d2be081dd8797c34c26\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/07/24 21:36:56 | 001,219,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6fb6e2f4cb2e6190727d793737a14ffb\Kies.Common.DeviceService.ni.dll
MOD - [2013/07/24 21:36:52 | 000,998,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\209de69d6d3a6cf1e4f20a0ec1e300f5\DeviceCommonLib.ni.dll
MOD - [2013/07/24 21:36:50 | 000,745,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\206d7fc9c9b4a8da282479acd70b8099\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/07/24 21:36:48 | 000,206,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\d3d04b155ca64fd27a5a99f76d63449d\Kies.Common.MainUI.ni.dll
MOD - [2013/07/24 21:36:17 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\89c0d6a5bcc420c7d60e110e7c019773\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/07/24 21:36:16 | 000,932,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\302c22a75bcb10be2d187bbe496c643c\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/07/24 21:36:14 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\145952716fb5eee03a99b0ccf8ac02cb\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/07/24 21:36:13 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\613d9b5af9aba20ee1353c43c9c0a84b\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/07/24 21:36:13 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\647859d1e270c353a8e9926205ccc430\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/07/24 21:36:12 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\df583bdd5805a8ea646aa90a83e31a0a\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/07/24 21:36:08 | 002,219,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\a6baaa5eb96a4b4badc8cad0f74c66b0\Kies.Common.Multimedia.ni.dll
MOD - [2013/07/24 21:36:04 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e0053e720201fcee506bec0f965bb043\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/07/24 21:36:02 | 000,640,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7b2a1626eeca89375b33ff513d735798\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/07/24 21:35:57 | 007,133,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\5e654d66c82a6392bc77f4950559a5b9\DeviceHost.ni.dll
MOD - [2013/07/24 21:35:50 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\8ea615184f2f6240df29ba506a9c178c\CabLib.ni.dll
MOD - [2013/07/24 21:35:48 | 000,311,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\861f204e3b6a955c4e5ea00d4ef4145c\Kies.Common.Util.ni.dll
MOD - [2013/07/24 21:35:47 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\140c88e07321fe9db52c168290f4cbe2\Interop.DeviceSearchLib.ni.dll
MOD - [2013/07/24 21:35:46 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\41970f22a29998af8e512b4ac1bc3ca4\Kies.Locale.ni.dll
MOD - [2013/07/24 21:35:45 | 001,902,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f19474a27d448d6a8accd13472e19626\Kies.UI.ni.dll
MOD - [2013/07/24 21:35:45 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\799436c96bf9a55f763c3c5e27bc66b4\Kies.MVVM.ni.dll
MOD - [2013/07/24 21:35:41 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\00a792a8f73eaa4a38a5ed9539b07a50\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/07/24 21:35:39 | 001,281,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\c06f4d4aeb5ef48764a0a927b16d4d12\Kies.Interface.ni.dll
MOD - [2013/07/24 21:35:12 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\cbb1eb18b6cfdc6f75b8643217ef079e\System.Runtime.Remoting.ni.dll
MOD - [2013/07/24 21:35:08 | 002,180,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\463f253cda07b716e9f88ad7f5d2d0f5\Kies.ni.exe
MOD - [2013/05/16 11:33:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\89fd15e9d707c129ad6c55219e869913\System.Windows.Forms.ni.dll
MOD - [2013/05/16 11:32:18 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9f4514a8d76705d23fe8bfe4fcc26ace\WindowsBase.ni.dll
MOD - [2013/05/16 11:31:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\92e43ccca9c0c666e82d28c26ebff588\System.Configuration.ni.dll
MOD - [2013/05/16 11:25:41 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7a89b81a9a5c4a57d2b1b152beb9b481\PresentationFramework.ni.dll
MOD - [2013/05/16 11:25:28 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\69236ea8029652460eff6fc27bfc742c\PresentationCore.ni.dll
MOD - [2013/05/16 11:25:21 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c206c0d5425bc25640b647ac986fc236\System.Core.ni.dll
MOD - [2013/05/16 11:25:14 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\45c1597cf0c989dbbfdc5e3cb067306f\WindowsBase.ni.dll
MOD - [2013/05/16 11:25:12 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e9784f6667e92cb4d3bc01731c8a3310\System.Configuration.ni.dll
MOD - [2013/04/25 14:31:33 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013/03/14 02:18:52 | 024,978,944 | ---- | M] () -- C:\Users\Admin1\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 13:52:53 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\260e6869442d5d95a0831a50f822ab8a\IAStorCommon.ni.dll
MOD - [2013/01/10 13:52:52 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c65b0df48c2e1a5b5470f6bfbceadc46\IAStorUtil.ni.dll
MOD - [2013/01/09 13:30:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7cce39782300219e1130698e8fbc30c\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 13:29:40 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\287e0f73a2bb79d6ba7f6141d6914bab\System.Drawing.ni.dll
MOD - [2013/01/09 13:29:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1a8cdc51e5752c5ef72b8677017df8c9\System.Xml.ni.dll
MOD - [2013/01/09 13:29:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98b49167a3373cf333d4c89ac47dcefb\System.ni.dll
MOD - [2013/01/09 13:29:06 | 011,493,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2866646f2e764e809451219352b63ef0\mscorlib.ni.dll
MOD - [2013/01/09 13:12:26 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013/01/09 12:57:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013/01/09 12:57:25 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013/01/09 12:57:20 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2012/11/14 05:02:50 | 003,558,400 | ---- | M] () -- C:\Users\Admin1\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/01 20:33:02 | 006,522,480 | ---- | M] () -- C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/11/07 20:02:04 | 000,651,776 | ---- | M] () -- C:\Program Files\Connector\Connector.exe
MOD - [2010/07/05 03:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 01:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/27 22:03:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/26 15:29:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/12 07:45:27 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 13:54:38 | 000,196,616 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - [2013/04/18 19:26:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 19:26:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2013/02/05 14:24:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/03 10:14:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/08/01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/05/13 13:30:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe -- (wampapache)
SRV - [2012/04/19 16:02:32 | 008,177,664 | ---- | M] () [Auto | Running] -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/05/09 18:28:38 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/05/09 18:27:06 | 000,076,960 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/07/23 11:43:54 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/23 11:43:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2000/01/01 05:30:00 | 001,816,064 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2000/01/01 05:30:00 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/07/28 15:18:20 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7369F6F5-3328-45E6-B53F-F31B4E1346C2}\MpKsld884ae8e.sys -- (MpKsld884ae8e)
DRV - [2013/06/27 15:27:42 | 000,104,928 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/06/21 05:37:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/21 05:37:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/06/06 11:54:06 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2013/04/18 19:25:52 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/19 12:23:42 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/03/19 12:23:42 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/03/19 12:23:42 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/02/05 14:24:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013/01/22 10:47:08 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/10/24 19:26:46 | 003,059,200 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012/08/23 20:14:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 20:11:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 20:10:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/23 06:11:50 | 000,270,336 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/09 18:27:18 | 000,243,872 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/05/09 18:27:18 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/05/09 18:27:16 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/05/09 18:27:16 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/05/09 18:27:16 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/05/09 18:27:16 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/05/09 18:27:16 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/11/21 02:59:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 02:59:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 02:59:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 02:59:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/21 02:59:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 02:59:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 02:59:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/03 19:13:20 | 000,105,472 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 05:36:49 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthMtpEnum.sys -- (BthMtpEnum)
DRV - [2009/07/14 05:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2000/01/01 05:30:00 | 000,254,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IN
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF B6 4F B7 4A 8F CD 01  [binary data]
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-55597573-93150469-1764227096-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.55
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9000/proxy.pac"
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_120.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lattice3d.com/XVL Player: C:\Program Files\Lattice\Player3\npxvlplay.dll (Lattice Technology Co.,Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin1\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin1\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/06/18 23:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/27 22:03:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/27 22:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 23.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/19 12:09:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 23.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Admin1\AppData\Roaming\IDM\idmmzcc5 [2013/07/29 11:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Admin1\AppData\Roaming\IDM\idmmzcc5 [2013/07/29 11:31:41 | 000,000,000 | ---D | M]
 
[2012/08/11 10:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin1\AppData\Roaming\Mozilla\Extensions
[2013/07/27 15:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions
[2013/05/01 18:13:51 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\netvideohunter@netvideohunter.com
[2013/06/18 17:28:52 | 000,004,552 | ---- | M] () (No name found) -- C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\support@platinumhideip.com.xpi
[2013/02/19 20:34:08 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\testpilot@labs.mozilla.com.xpi
[2013/07/26 19:13:09 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Admin1\AppData\Roaming\Mozilla\Firefox\Profiles\3rydkq87.default-1361286208117\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/27 22:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/27 22:03:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/27 22:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/27 22:03:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/27 22:03:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/18 23:46:28 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013/07/29 11:31:41 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ADMIN1\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/10/01 20:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin1\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin1\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin1\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin1\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Less Annoying CRM = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjiddacoabcloecailojkglecpliblik\3.0.6_0\
CHR - Extension: Adblock Plus = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\
CHR - Extension: Wondershare Video Converter Ultimate = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp\6.0.0_0\
CHR - Extension: Image Downloader = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj\1.3_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: IDM Integration = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Admin1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
 
O1 HOSTS File: ([2013/07/26 20:37:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-55597573-93150469-1764227096-1001\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-55597573-93150469-1764227096-1001..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-55597573-93150469-1764227096-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-55597573-93150469-1764227096-1001..\Run: [uTorrent] C:\Users\Admin1\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Karan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-55597573-93150469-1764227096-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-55597573-93150469-1764227096-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {1CAC77F7-0745-42BB-A8B7-E466B1FF8640} http://192.168.1.120/ie_stub.cab (IE_STUB Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect125.cab (GMNRev Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cp...ddObjSigned.cab (HPSDDX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{720D65E9-10C9-4D9B-8561-4B05C3665A9C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96183856-2A07-476B-B600-FE3B2BAFB645}: DhcpNameServer = 192.168.24.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/29 11:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\sHaRewbb_intnedwnldmng617b6
[2013/07/27 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/26 20:39:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/26 20:25:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/26 20:25:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/26 20:25:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/26 20:25:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/26 20:23:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/26 18:25:29 | 000,104,928 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2013/07/25 19:05:55 | 000,000,000 | R--D | C] -- C:\Users\Admin1\Desktop\MJ ALL
[2013/07/25 18:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/25 18:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/25 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/25 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\RK_Quarantine
[2013/07/25 14:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013/07/24 22:25:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/07/24 21:34:37 | 000,000,000 | ---D | C] -- C:\Users\Admin1\AppData\Roaming\Samsung
[2013/07/24 21:33:26 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/07/24 21:33:25 | 000,084,248 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/07/24 21:22:13 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/07/23 12:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Print Envelope
[2013/07/23 12:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\RKComputer
[2013/07/22 21:09:27 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
[2013/07/20 19:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover
[2013/07/20 19:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Unlocker
[2013/07/20 19:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF Unlocker
[2013/07/20 12:46:38 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\PDF_Password_Remover_v3[1].0
[2013/07/20 12:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AheadPDF
[2013/07/20 12:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\AheadPDF
[2013/07/17 17:18:49 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\RTI
[2013/07/16 13:03:50 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\Diagnostic Tests
[2013/07/16 13:03:02 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\Bank Forms
[2013/07/16 13:01:54 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\Courts
[2013/07/16 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\Dpcc
[2013/07/16 13:01:10 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\Torrents
[2013/07/16 12:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProxyShell Hide IP
[2013/07/16 12:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\ProxyShell
[2013/07/16 09:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2013/07/16 09:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XVL Player (Ver. 9 or later)
[2013/07/15 23:39:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lattice
[2013/07/15 23:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2013/07/15 23:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2013/07/15 23:33:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2013/07/15 23:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Technical Suite X6
[2013/07/15 23:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013/07/15 23:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Technical Suite X6
[2013/07/03 14:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2013/07/03 13:32:45 | 000,000,000 | ---D | C] -- C:\Users\Admin1\Desktop\IP.Board.v3.4.5_[illus!on]_nulled
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/29 11:38:28 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-55597573-93150469-1764227096-1001Core.job
[2013/07/29 11:35:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 11:26:48 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-55597573-93150469-1764227096-1001UA.job
[2013/07/29 11:26:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 11:26:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/29 11:26:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/28 08:43:08 | 1501,970,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/26 20:37:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/07/26 20:12:33 | 000,031,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 20:12:33 | 000,031,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 18:55:24 | 000,002,052 | ---- | M] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/07/25 18:50:20 | 000,000,832 | ---- | M] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/07/24 21:22:30 | 000,001,968 | ---- | M] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/07/24 21:22:30 | 000,001,958 | ---- | M] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/07/23 18:46:40 | 000,692,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/23 18:46:40 | 000,132,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/23 08:31:20 | 000,521,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/22 13:33:27 | 000,002,102 | ---- | M] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/07/20 12:49:15 | 000,000,040 | ---- | M] () -- C:\Windows\winDecrypt.INI
[2013/07/13 13:09:05 | 000,047,959 | ---- | M] () -- C:\Users\Admin1\Documents\Districts & Blocks List-Delhi- July 2013.pdf
[2013/07/13 12:54:45 | 000,002,367 | ---- | M] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/03 15:16:41 | 000,001,050 | ---- | M] () -- C:\Users\Admin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/26 20:25:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/26 20:25:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/26 20:25:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/26 20:25:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/26 20:25:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/24 21:22:30 | 000,001,968 | ---- | C] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/07/24 21:22:30 | 000,001,958 | ---- | C] () -- C:\Users\Admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/07/22 21:09:31 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/07/20 12:48:10 | 000,000,040 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2013/07/13 13:09:05 | 000,047,959 | ---- | C] () -- C:\Users\Admin1\Documents\Districts & Blocks List-Delhi- July 2013.pdf
[2013/06/26 09:31:58 | 000,002,824 | ---- | C] () -- C:\Users\Admin1\AppData\Local\recently-used.xbel
[2013/06/14 19:56:26 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/18 16:32:46 | 000,000,114 | ---- | C] () -- C:\ProgramData\SSR2.key
[2013/05/18 16:32:22 | 000,000,012 | ---- | C] () -- C:\ProgramData\8680
[2013/05/18 16:32:22 | 000,000,012 | ---- | C] () -- C:\ProgramData\4794
[2013/05/18 16:32:22 | 000,000,012 | ---- | C] () -- C:\Users\Admin1\AppData\Local\4662
[2013/05/18 16:32:22 | 000,000,012 | ---- | C] () -- C:\Users\Admin1\AppData\Roaming\3888
[2013/05/18 16:32:22 | 000,000,012 | ---- | C] () -- C:\ProgramData\1374
[2013/04/01 14:43:43 | 000,004,914 | ---- | C] () -- C:\ProgramData\bzoyeojg.eew
[2013/03/15 08:54:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2013/02/18 10:52:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013/02/18 10:52:45 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013/01/10 16:42:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/01/10 13:38:23 | 000,010,496 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/01/09 12:51:13 | 000,365,568 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2013/01/09 12:51:13 | 000,169,472 | ---- | C] () -- C:\Windows\System32\ZLhp1020.DLL
[2012/12/19 15:28:41 | 000,000,136 | ---- | C] () -- C:\Users\Admin1\AppData\Local\configurator.xml
[2012/12/04 10:12:10 | 000,245,248 | ---- | C] () -- C:\Windows\System32\zshp1020s.dll
[2012/10/29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/10/29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/10/29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/10/29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/10/19 12:34:37 | 000,000,616 | ---- | C] () -- C:\Windows\System32\https--mail-attachment.googleusercontent.com-attachment-u-0-ui=2&ik=6dee662fb6&view=at.1&disp=inline&safe=1&zw&saduie=AG9B_P_iqlYnRWKaRJ0GYnU31sN7&sadet=1350630288343&sads=vKbx26Pkqqr3qD2Ttmki5jJjzN8.lnk
[2012/08/27 17:29:47 | 000,006,144 | ---- | C] () -- C:\Users\Admin1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/13 15:45:52 | 000,000,032 | -HS- | C] () -- C:\Users\Admin1\AppData\Roaming\{b9c903e0-c592-11df-851a-0800200c9a66}.dat
[2012/08/09 15:21:18 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/08/09 15:21:12 | 013,913,600 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/08/09 15:21:10 | 000,000,146 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/08/17 22:43:18 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/08/17 07:48:34 | 000,262,080 | ---- | C] () -- C:\Windows\System32\SynPS2.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 10:25:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 02:59:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/04/01 22:12:00 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\avidemux
[2012/11/05 11:54:33 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/09 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/07/29 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\DMCache
[2013/06/17 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Downloaded Installations
[2013/07/29 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Dropbox
[2013/01/23 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\DRPSu
[2013/05/24 13:42:46 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\EBBE
[2013/07/03 14:12:19 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\EditPlus 3
[2013/05/22 17:41:50 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\El_Berry
[2013/05/10 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\EzySoft
[2013/06/17 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\FileOpen
[2013/01/14 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Gmail Backup
[2013/07/26 20:10:19 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\IDM
[2013/04/01 14:44:44 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\MOVAVI
[2013/06/17 20:47:23 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Nitro
[2013/07/03 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Nitro PDF
[2012/08/24 10:42:43 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Nokia
[2012/08/22 15:25:16 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Nokia Suite
[2012/08/24 11:06:30 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\PC Suite
[2012/11/07 13:24:24 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\PixelMetrics
[2012/08/27 17:06:05 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Research In Motion
[2013/07/24 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Samsung
[2013/04/02 14:37:15 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Scooter Software
[2013/03/14 12:32:03 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\SolidDocuments
[2012/08/09 15:57:31 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Synaptics
[2012/12/07 13:03:14 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\SystemRequirementsLab
[2013/01/23 10:36:06 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\TeamViewer
[2012/08/11 10:04:16 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\Thunderbird
[2013/07/29 11:46:26 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\uTorrent
[2013/06/23 18:06:01 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\XnView
[2012/08/27 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\ZTEEVDO
[2013/06/18 16:52:41 | 000,000,000 | ---D | M] -- C:\Users\Admin1\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2013/06/21 19:26:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DMCache
[2013/06/21 19:20:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IDM
[2012/08/24 11:00:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Nokia
[2012/08/24 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Nokia Suite
[2012/08/24 10:57:38 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PC Suite
[2012/08/24 10:56:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Synaptics
[2012/08/09 15:25:51 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\DMCache
[2012/08/09 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\Dropbox
[2012/08/08 17:30:10 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\IDM
[2012/08/07 11:47:36 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\Research In Motion
[2012/08/09 10:40:05 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\Scooter Software
[2012/07/27 12:45:18 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\Synaptics
[2012/07/31 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\SystemRequirementsLab
[2012/08/07 10:07:39 | 000,000,000 | ---D | M] -- C:\Users\Karan\AppData\Roaming\Thunderbird
[2012/08/24 11:15:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nokia
[2012/08/24 11:14:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nokia Suite
[2012/08/24 11:11:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
[2012/08/24 11:10:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >

_________________________________________________________________________________________________________________

 

OTL Extras logfile created on: 29/Jul/2013 11:38:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Softwares\ipb board new
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd/MMM/yyyy
 
1.87 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 25.22% Memory free
3.73 Gb Paging File | 1.63 Gb Available in Paging File | 43.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 21.43 Gb Free Space | 21.97% Space Free | Partition Type: NTFS
Drive D: | 200.43 Gb Total Space | 79.66 Gb Free Space | 39.74% Space Free | Partition Type: NTFS
 
Computer Name: MJ-LAPPY | User Name: Admin1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [RadiAnt] -- "C:\Program Files\RadiAntViewer32bit\RadiAntViewer.exe" "%1" (Medixant)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136E88DA-6487-418A-B9DB-DDA31ECF3866}" = lport=10243 | protocol=6 | dir=in | app=system |
"{162B1272-652A-4F03-911F-8487561C1D7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{16FAAE63-D127-4E87-878A-C678F23E09A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25D59892-60C9-4D4F-89DA-ABBC80BD59DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{358A1F67-3274-4696-9BE1-B62606C0E657}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{37AF1437-4D7D-4FEE-A55A-31BB29F73B77}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39967940-FDCF-4C0C-A58B-479F02116C41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C8A1C8D-8707-4B7B-8BEC-AC2A27B92799}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52A15047-1326-404E-97A2-140C55598C7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5395930F-3C71-4AF3-817F-156486555967}" = rport=138 | protocol=17 | dir=out | app=system |
"{56B57011-8FA4-4F28-B0C1-B50894D5FCE9}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DE11D03-E518-4774-BFC4-51C211E87AF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{626347D9-BB4C-4DAF-95C6-869BDE296353}" = lport=138 | protocol=17 | dir=in | app=system |
"{7E9C2903-F9D9-45EC-9988-E3BB64982942}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{88A708BA-CBFD-44BA-B6EE-6A994B677700}" = lport=2869 | protocol=6 | dir=in | app=system |
"{898A6643-1B59-418D-A7C8-1C5B551F77F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E28AFC2-D93D-4262-A8C2-35C317A44F86}" = rport=137 | protocol=17 | dir=out | app=system |
"{9FAB9564-8E66-433D-A874-85D47B4F46F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5BB8D82-8688-478C-84F8-619872766E1B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A8B7F6D2-9857-46DA-B1C5-A42437095800}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBE5B91A-2E59-46FC-8821-9D321B25F6B4}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{C59ADE88-DF4A-44A8-8689-02494EED21FC}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{D48EA2A8-8039-4F38-98EE-902E1B4F5A81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E447E6DE-CEB5-4524-AA32-8D9ADF0A0F3E}" = rport=445 | protocol=6 | dir=out | app=system |
"{E96897FC-58A1-44CE-8D97-5ACE05AE9246}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{ED0A836D-CB10-42DD-9F50-1469D90AF619}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBDA8911-D28F-4E7D-93D6-A8B2AD9017BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFD08C70-C342-49B0-8E0E-E9AE7DAD4307}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB11E43-5812-4964-9174-0C73E3B38FFC}" = protocol=6 | dir=in | app=c:\program files\internet download manager\idman.exe |
"{18E43209-C053-4F50-A931-5AB320AA08BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20B99999-C801-4498-B4D5-2F7AA0ABDABA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{23B45E33-3497-4FAC-8C65-07FD90E725CE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{304C51CB-E9BC-42B8-825B-443D66512BA7}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3627F1AA-9AF9-45F9-BBDE-0EE5877162D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37660EDA-9E4E-4942-BB2A-E0CF9ECB6FCC}" = protocol=6 | dir=in | app=c:\users\admin1\appdata\roaming\utorrent\utorrent.exe |
"{3D5D8625-FC53-4F7B-8850-C8D6CBCC743B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{414389F6-BFBC-42D8-9B7A-9184B4504BD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B4F077D-CB9D-426B-AEF6-06D2B8B29C46}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4EA86295-C2DE-42AD-93DF-67F7D302C382}" = protocol=17 | dir=in | app=c:\program files\internet download manager\idman.exe |
"{4F64955E-E645-4109-B191-3CCADE64273A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{53B0FB74-65BA-4EE1-A73F-306C59AFFFF2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{63BA3DA9-6D88-48DA-B307-6C636B922C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A0AE8E4-6465-4FE4-8801-4606B8331DC6}" = protocol=17 | dir=in | app=c:\users\admin1\appdata\roaming\utorrent\utorrent.exe |
"{6AF10677-E377-4358-9B09-E06903901EB5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{72719CD4-63AE-44F7-9D8E-78DE80EB9265}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C9D3E8D-0608-48C4-A829-2AA604DE0E46}" = protocol=6 | dir=out | app=system |
"{7EE8BAC1-17C0-4300-868B-BCD23EAAFF70}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{806A5D88-FBA8-4D8F-AB36-05537DC117BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83EB3B07-C481-46CB-89DF-B919EDA665E1}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{86048E48-C6E1-42A2-BCC4-792C93172627}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{90A8DB4B-6C19-4110-85FB-08264B7C6A8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92CAE840-CA73-4DFC-8B8B-3F23144819EE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{991AE2E2-D77D-4BD7-A90A-1CFB64B72379}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7492ABD-0422-4C1A-A4EE-EA747A332033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA4A9C03-53C7-469F-8859-5DACEDDE7D2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B900A849-12AF-405B-869F-99C199FB71AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BEDFC466-DE8B-48DC-9F8B-B8D012313E17}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C5489C01-C6A3-4830-B4E3-A8965D631E37}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{C54CA02E-A7B4-47CB-8128-F0A7268198A3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{C5B8B852-A600-489A-BD01-8BE5EF9E3774}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{D3101CA3-0F66-43EA-930A-070588952412}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{D6AC373E-15E8-4A17-A360-66B223AFA81D}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{D6ED3707-EF16-4B3F-9DB2-59518A591AD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D71FC60A-E4F6-4D0A-B64E-EBC58CB2D1A7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DD915147-A0F5-4A21-9B11-7369A0FBB058}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EBFBBD29-3CFE-4C39-961C-B10D0B663545}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{F4B0A503-F9C7-4EDB-B218-B789143002BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8984999-35F9-48D2-A578-FDC60D717D72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA9707AB-EF84-40F0-86D9-AF5A82E04ED0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{291EBD38-B93C-4F58-B62E-A7A157B5240A}C:\users\admin1\appdata\local\temp\c024.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\admin1\appdata\local\temp\c024.tmp\kmservice.exe |
"TCP Query User{524E55FB-D5C2-4E69-8D47-356249FE3A93}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5803FA22-AC4A-427F-87D2-8CFFEE86D72D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5EC45649-63EB-4833-B3E2-2755DA450566}C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe |
"TCP Query User{85AA6B2C-F410-459C-A271-51C45295FF65}C:\program files\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files\hp\common\hpdevicedetection3.exe |
"TCP Query User{A974FFA5-611E-4BF1-8481-699A5520940B}C:\users\admin1\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\admin1\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C1FD0385-1DD8-4174-BB17-6889BF3624CB}C:\users\admin1\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\admin1\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{DE38F4C1-6252-47D2-8B79-5D7206971BED}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{F58F4963-3BD1-4DDD-84F2-6A23D54285FA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{FDA2D769-6F46-4CB2-8C2F-8CB71A7BD808}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{08F19F90-D28E-4D31-9CBC-F76E13CC1F54}C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe |
"UDP Query User{1E1021F0-5610-46AA-BF1E-804A496B36E8}C:\users\admin1\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\admin1\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{21496CB1-AB83-42DB-9BDD-1713E4E32F89}C:\users\admin1\appdata\local\temp\c024.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\admin1\appdata\local\temp\c024.tmp\kmservice.exe |
"UDP Query User{4076EFA2-DF03-46DC-9A97-03474921508E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{5741A826-B0D0-47B5-B41B-4D20E1CB411E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{799E775A-A50D-449E-B407-6C11267BDA77}C:\users\admin1\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\admin1\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{79FB2293-DB1A-4352-B8A7-DB65643C332D}C:\program files\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files\hp\common\hpdevicedetection3.exe |
"UDP Query User{A276C9EB-F28E-47C2-AC09-A40723110D41}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A4392F8A-AEE5-4845-9E4E-A50C22210266}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C4DAF4D6-65A2-4CC2-BAF5-4A3FFE2D68A7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{A41515DF-0904-42B0-A736-C5566A81B515}" = Corel Graphics - Windows Shell Extension
"_{F49EE358-F23B-4D1C-9228-B6C155C938AE}" = CorelDRAW Technical Suite X6
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{08B95186-14CB-4B39-8E78-7E9773416507}" = CorelDRAW Technical Suite X6 - PHOTO-PAINT
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0D39418C-FB21-49BB-A83F-ED97D0C84483}" = CorelDRAW Technical Suite X6 - IPM Content
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{10290838-B697-4C48-84CD-45580DE5A340}" = Runtime VS2005 SP1 MFC 6195
"{10990BF5-C145-465D-830C-FF7BF3AFCE00}" = CorelDRAW Technical Suite X6 - Common
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11BF4215-81A1-4218-BD93-7ECE3A7C10AF}" = CorelDRAW Technical Suite X6 - Filters
"{13B8AFC4-2AFC-4A82-BFB5-250EB4AD464D}" = CorelDRAW Technical Suite X6 - Designer
"{17433C4D-B3BE-4FCE-9038-DD80D0227DCB}" = CorelDRAW Technical Suite X6 - FontNav
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A27DB55-8B4B-4D37-A48E-5D16E7487425}" = CorelDRAW Technical Suite X6 - Custom Data
"{2001B669-4E0D-4E5F-BF1E-86098B054D04}" = Runtime VS2005 SP1 OpenMP 762
"{219AD1C3-625D-4E3B-AD31-5D1475AEF3D7}" = CorelDRAW Technical Suite X6 - VideoBrowser
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{278EFD6F-86F2-41AF-BDE6-C961A0DFD4D2}" = CorelDRAW Technical Suite X6 - EN
"{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}" = BlackBerry Device Software Updater
"{2A3EB85A-F1EA-4B87-A152-04759E9AC221}" = TimeAttendance v7.1
"{2BACEEE5-7556-4FF4-B0BB-0F3EA8CD2CCA}" = Runtime VS2008 CRT 1
"{2D61B00C-6068-456D-A851-10AC57E7EFE1}" = STOIK Smart Resizer 3
"{38FB60DD-69EC-4D6D-8F8E-EF5DDE6EA718}" = CorelDRAW Technical Suite X6 - Connect
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5D1E6A6A-1C4A-43FF-A4DF-5E94B9CA86A2}" = CorelDRAW Technical Suite X6 - VSTA
"{5E119FD2-2A7B-414A-A4F2-C16B379DCA19}" = CorelDRAW Technical Suite X6 - Redist
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{733ACBA2-A9A2-412B-BAFA-045375F9C6ED}" = Nitro Pro 8
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77B75A66-40C0-4878-9CE9-C54FDA1F3DB5}" = CorelDRAW Technical Suite X6 - Core
"{82B37D39-FB69-48B2-A548-2085F460CC60}" = CorelDRAW Technical Suite X6 - Photozoom Plugin
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8889837C-CFFD-42CB-9436-7EC225F9B171}" = CorelDRAW Technical Suite X6 - Writing Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D99FA19-C2F9-4671-B707-04133EF4AC3D}" = CorelDRAW Technical Suite X6 - IPM
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{947673AB-0683-42C3-A38B-5991B18B706B}" = XVL Studio 3D Corel Edition
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{99B87886-CD77-4466-8002-96FD09B9B3DE}" = XVL Player / XVL Player Pro (Ver. 9 or later)
"{99EEF5D1-7A88-4C5C-942D-420530EC1F64}" = Runtime VS2005 SP1 CRT 6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5E8D0C-A176-6A94-7BF7-4F1839B90372}" = AMD Catalyst Install Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A41515DF-0904-42B0-A736-C5566A81B515}" = Corel Graphics - Windows Shell Extension
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{ABE1617B-E44B-4AB7-80FA-C5E5695C4EDE}" = CorelDRAW Technical Suite X6 - VBA
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B03A7F40-A817-4c68-9954-2B2223BE91AA}_is1" = SkyHistory 1.2.3
"{B574E8A6-0C66-4C6F-8DF6-8FB2356A9D44}" = CorelDRAW Technical Suite X6 - IPM Lattice
"{B6A55FF8-71D7-406A-A4F1-D056164476D4}" = CorelDRAW Technical Suite X6 - Draw
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{C643FF37-93E1-4079-A4EC-83DBEBDB6AFB}" = Runtime VS2005 SP1
"{CB08B34B-0576-4D6D-BE10-02CD4FA729E5}" = Elcomsoft Blackberry Backup Explorer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D91D416B-1948-43AE-9427-AD508585DDE3}" = BlackBerry App World Browser Plugin
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ECD07791-9A98-4E16-B350-0D31809E5EBF}" = Advanced Office Password Recovery
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED5CB552-FD01-4B3A-985B-13EA1F423294}" = Runtime VS2005 SP1 All 6195
"{EFFF4292-F672-41E8-9500-1DB91FDE9A4B}" = CorelDRAW Technical Suite X6 - Common Apps
"{F0557823-56EC-4A1D-B34E-7A0B9E19B345}" = CorelDRAW Technical Suite X6 - Capture
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F49EE358-F23B-4D1C-9228-B6C155C938AE}" = CorelDRAW Technical Suite X6 - Setup Files
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F97F123D-3EA6-461B-9C23-81369AA6C6DA}" = NXPowerLite
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASF-AVI-RM-WMV Repair_is1" = ASF-AVI-RM-WMV Repair 2.01
"Belarc Advisor" = Belarc Advisor 8.2
"BeyondCompare3_is1" = Beyond Compare 3.3.8
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CaptureWiz" = CaptureWizPro 5.00
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"EditPlus 3" = EditPlus 3
"ESET Online Scanner" = ESET Online Scanner v3
"File Repair_is1" = File Repair
"FileHippo.com" = FileHippo.com Update Checker
"Free PDF Unlocker_is1" = Free PDF Unlocker
"FUDVROCX_is1" = FUDVROCX V1.0.3.26
"GIMP-2_is1" = GIMP 2.8.2
"gmailbackup" = Gmail Backup
"Google Desktop" = Google Desktop
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Instant Invoice n CashBook 10_is1" = Instant Invoice n CashBook 10
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MBlaze" = MBlaze
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)
"Mozilla Thunderbird 23.0 (x86 en-US)" = Mozilla Thunderbird 23.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MRIcro" = MRIcro (remove only)
"MriWatcher_is1" = MriWatcher 1.3.2
"Nokia Suite" = Nokia Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"On-Time Attendance Management System_is1" = On-Time Attendance Management System Version 6.9
"PhotoWipe_is1" = PhotoWipe 1.21
"Print Envelope_is1" = Print Envelope 3.2.1.4
"ProxyShell Hide IP_is1" = ProxyShell Hide IP 7.3.1
"RadiAnt32" = RadiAnt DICOM Viewer (32-bit)
"Recover Keys_is1" = Recover Keys
"Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1" = Revo Uninstaller Pro 3.0.5
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"SynTPDeinstKey" = Synaptics TouchPad Driver
"Tata Photon+" = Tata Photon+
"TeamViewer 8" = TeamViewer 8
"Unlocker" = Unlocker 1.9.2
"VLC media player" = VLC media player 2.0.7
"WampServer 2_is1" = WampServer 2.4
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-11
"WinRAR archiver" = WinRAR 5.00 beta 7 (32-bit)
"Wisdom-soft ScreenHunter 6.0 Pro" = Wisdom-soft ScreenHunter 6.0 Pro
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 6.5.0.5)
"XnView_is1" = XnView 2.03
"ZTEWireless-101_is1" = Reliance Netconnect - Broadband+
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-55597573-93150469-1764227096-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/Jul/2013 06:38:44 | Computer Name = MJ-Lappy | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 0.0.0.0, time stamp:
0x2a425e19  Faulting module name: OTL.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception
 code: 0xc0000005  Fault offset: 0x00001000  Faulting process id: 0x1d6c  Faulting application
 start time: 0x01ce8ab57582f0b7  Faulting application path: C:\Users\Admin1\Desktop\OTL.exe
Faulting
 module path: C:\Users\Admin1\Desktop\OTL.exe  Report Id: b544afd5-f6a8-11e2-a574-9cb70dbb8b7e
 
Error - 27/Jul/2013 06:39:17 | Computer Name = MJ-Lappy | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 0.0.0.0, time stamp:
0x2a425e19  Faulting module name: OTL.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception
 code: 0xc0000005  Fault offset: 0x00001000  Faulting process id: 0x1e68  Faulting application
 start time: 0x01ce8ab58aa58886  Faulting application path: C:\Users\Admin1\Desktop\OTL.exe
Faulting
 module path: C:\Users\Admin1\Desktop\OTL.exe  Report Id: c8f18f98-f6a8-11e2-a574-9cb70dbb8b7e
 
Error - 27/Jul/2013 06:46:59 | Computer Name = MJ-Lappy | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 0.0.0.0, time stamp:
0x2a425e19  Faulting module name: OTL.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception
 code: 0xc0000005  Fault offset: 0x00001000  Faulting process id: 0x197c  Faulting application
 start time: 0x01ce8ab69e12d7d6  Faulting application path: C:\Users\Admin1\Desktop\OTL.exe
Faulting
 module path: C:\Users\Admin1\Desktop\OTL.exe  Report Id: dc87f56e-f6a9-11e2-a574-9cb70dbb8b7e
 
Error - 27/Jul/2013 06:47:26 | Computer Name = MJ-Lappy | Source = Application Error | ID = 1000
Description = Faulting application name: OTL.exe, version: 0.0.0.0, time stamp:
0x2a425e19  Faulting module name: OTL.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Exception
 code: 0xc0000005  Fault offset: 0x00001000  Faulting process id: 0x1538  Faulting application
 start time: 0x01ce8ab6ae4d975b  Faulting application path: C:\Users\Admin1\Desktop\OTL.exe
Faulting
 module path: C:\Users\Admin1\Desktop\OTL.exe  Report Id: ec757e33-f6a9-11e2-a574-9cb70dbb8b7e
 
Error - 27/Jul/2013 07:57:41 | Computer Name = MJ-Lappy | Source = WinMgmt | ID = 10
Description =
 
Error - 27/Jul/2013 23:15:37 | Computer Name = MJ-Lappy | Source = WinMgmt | ID = 10
Description =
 
Error - 27/Jul/2013 23:42:54 | Computer Name = MJ-Lappy | Source = VSS | ID = 8194
Description =
 
[ System Events ]
Error - 27/Jul/2013 11:14:22 | Computer Name = MJ-Lappy | Source = DCOM | ID = 10010
Description =
 
Error - 28/Jul/2013 10:47:53 | Computer Name = MJ-Lappy | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 28/Jul/2013 10:48:23 | Computer Name = MJ-Lappy | Source = DCOM | ID = 10010
Description =
 
Error - 29/Jul/2013 02:12:16 | Computer Name = MJ-Lappy | Source = DCOM | ID = 10001
Description =
 
 
< End of report >
 



#12 Broni Re: [RESOLVED] Infected again.


Posted 29 July 2013 - 10:55 PM

You didn't answer my question:

How is the computer doing?

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin1\AppData\Local\Temp\catchme.sys -- (catchme)
FF - user.js - File not found
O2 - BHO: (Wondershare Video Converter Ultimate) - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll File not found
[2012/10/19 12:34:37 | 000,000,616 | ---- | C] () -- C:\Windows\System32\https--mail-attachment.googleusercontent.com-attachment-u-0-ui=2&ik=6dee662fb6&view=at.1&disp=inline&safe=1&zw&saduie=AG9B_P_iqlYnRWKaRJ0GYnU31sN7&sadet=1350630288343&sads=vKbx26Pkqqr3qD2Ttmki5jJjzN8.lnk
[2012/08/13 15:45:52 | 000,000,032 | -HS- | C] () -- C:\Users\Admin1\AppData\Roaming\{b9c903e0-c592-11df-851a-0800200c9a66}.dat


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
 

Last scans....




#13 Scorpy Re: [RESOLVED] Infected again.


Posted 30 July 2013 - 02:41 PM

I don't know the cause but my system has become slow/unresponsive and especially at the time of boot up.

 

Here is the log produced by OTL:

 

 

All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Admin1\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF}\ deleted successfully.
C:\Windows\System32\https--mail-attachment.googleusercontent.com-attachment-u-0-ui=2&ik=6dee662fb6&view=at.1&disp=inline&safe=1&zw&saduie=AG9B_P_iqlYnRWKaRJ0GYnU31sN7&sadet=1350630288343&sads=vKbx26Pkqqr3qD2Ttmki5jJjzN8.lnk moved successfully.
C:\Users\Admin1\AppData\Roaming\{b9c903e0-c592-11df-851a-0800200c9a66}.dat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin1
->Temp folder emptied: 14176664 bytes
->Temporary Internet Files folder emptied: 41103381 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 184540979 bytes
->Google Chrome cache emptied: 10827538 bytes
->Flash cache emptied: 64755 bytes
 
User: All Users
 
User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Karan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Malisa
->Temp folder emptied: 0 bytes
 
User: Mohit Jindal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2153496 bytes
RecycleBin emptied: 30541500 bytes
 
Total Files Cleaned = 270.00 mb
 
 
[EMPTYJAVA]
 
User: Admin1
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Classic .NET AppPool
 
User: Default
 
User: Default User
 
User: DefaultAppPool
 
User: Guest
 
User: Karan
->Java cache emptied: 0 bytes
 
User: Malisa
 
User: Mohit Jindal
 
User: Public
 
User: User
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Admin1
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Classic .NET AppPool
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: Karan
->Flash cache emptied: 0 bytes
 
User: Malisa
 
User: Mohit Jindal
 
User: Public
 
User: User
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07302013_195819

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#14 Broni Re: [RESOLVED] Infected again.


Posted 30 July 2013 - 10:54 PM

Keep me posted on your computer behavior...

 

Last scans...

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassoci...T-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.




#15 Scorpy Re: [RESOLVED] Infected again.

Offline

Posted 03 August 2013 - 02:03 PM

Please allow me some time to post all these logs.



#16 Broni Re: [RESOLVED] Infected again.

Offline

Posted 03 August 2013 - 02:57 PM

(thumbs-up smiley)




#17 Scorpy Re: [RESOLVED] Infected again.

Offline

Posted 04 August 2013 - 09:46 AM

Eset Log:

 

C:\Program Files\CaptureWiz\Pro\CaptureWizPro 5.00_Patch.exe    a variant of Win32/HackTool.Patcher.U application
C:\Program Files\ProxyShell\ProxyShell Hide IP\MPT.exe    a variant of Win32/HackTool.Patcher.AD application
C:\Program Files\TeamViewer\Version8\Patch.exe    a variant of Win32/HackTool.Patcher.AD application
C:\Users\Admin1\Desktop\PDF_Password_Remover_v3[1].0\PDF_Password_Remover_v3[1].0\PDF Password Remover v3.0\pwdremover.exe    Win32/PSWTool.PdfCracker.B application
C:\Users\Admin1\Dropbox\Apps\Titanium Backup Files\titanium backup\com.imagic.stuntbiker-abb47a2744ac3748322166bde212ca70.apk.bz2    a variant of Android/Plankton.I trojan
C:\Users\Admin1\Dropbox\Apps\Titanium Backup Files\titanium backup\com.QrBarcodeScanner-7bf46eff604a22c2e4085408fe4b3710.apk.bz2    a variant of Android/Plankton.I trojan
C:\Users\Admin1\Dropbox\Apps\Titanium Backup Files\titanium backup\jokes.santabanta.com-88484e90a9b19b673f32d31cbf4056d9.apk.bz2    a variant of Android/Adware.Viser.A application
C:\Windows\System32\MPK\MPK.exe    a variant of Win32/KeyLogger.Refog.B application
C:\Windows\System32\MPK\MpkNetInstall.exe    a variant of Win32/KeyLogger.Refog.B application
C:\Windows\System32\MPK\MPKView.exe    a variant of Win32/KeyLogger.Refog.B application
D:\Desktop Docs\17 dec 12\Desktop\CaptureWizPro.5.00_Patch\CaptureWizPro.5.00_Patch\CaptureWizPro 5.00_Patch.exe    a variant of Win32/HackTool.Patcher.U application
D:\Desktop Docs\17 dec 12\Downloads\cbsidlm-tr1_5-ShowMyPC_Collaboration-10666045.exe    multiple threats
D:\Softwares\0fiz12.part1.rar    a variant of MSIL/HackTool.IdleKMS.A application
D:\Softwares\16.2.0.998.rar.exe    Win32/InstalleRex.J application
D:\Softwares\AA_v3.exe    a variant of Win32/RemoteAdmin.Ammyy.B application
D:\Softwares\applianflv_upgrade_1472.exe    a variant of Win32/InstallIQ.A application
D:\Softwares\CaptureWizPro.5.00_Patch.rar    a variant of Win32/HackTool.Patcher.U application
D:\Softwares\CaptureWiz_Pro_v3.80_KeyGen_diGERATi.exe    Win32/Adware.1ClickDownload.G application
D:\Softwares\cbsi-10912909.exe    a variant of Win32/CNETInstaller.A application
D:\Softwares\cbsidlm-tr1_12-GetFLV-BP-10618974.exe    Win32/DownloadAdmin.G application
D:\Softwares\CDRViewerSetup.exe    Win32/Toolbar.Babylon application
D:\Softwares\cnet2_FLVPlayerSetup_exe_2.exe    a variant of Win32/InstallCore.D application
D:\Softwares\Elcomsoft Blackberry Backup Explorer Professional v9.05.rar    probably unknown NewHeur_PE virus
D:\Softwares\file-repair-setup.exe    Win32/OpenCandy application
D:\Softwares\FLVPlayer30Upgrade.exe    a variant of Win32/InstallIQ.A application
D:\Softwares\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application
D:\Softwares\iLividSetup-r362-n-bf.exe    Win32/Toolbar.SearchSuite application
D:\Softwares\ofiz 2013 Activator.rar    a variant of MSIL/HackTool.IdleKMS.A application
D:\Softwares\radarsync.exe    a variant of Win32/InstallCore.W application
D:\Softwares\Setup-PlusForSkype-1.5.exe    a variant of Win32/MessengerPlus.A application
D:\Softwares\ShapeCollage-2.5.3-Setup.exe    Win32/OpenCandy application
D:\Softwares\sHaRewbb_wdsvdeoconvert6505new.rar    a variant of Win32/HackTool.Patcher.AD application
D:\Softwares\u3p80.ProxyShell.Hide.IP.7.3.1.rar    a variant of Win32/HackTool.Patcher.AD application
D:\Softwares\Unlocker1.9.1.exe    multiple threats
D:\Softwares\Unlocker1.9.2.exe    a variant of Win32/Toolbar.Babylon.E application
D:\Softwares\Adobe Acrobat XI Pro v11.0.0 Multilanguage + Crack\Adobe Acrobat XI Pro v11.0.0.tgz    a variant of Win32/Keygen.DO application
D:\Softwares\Elcomsoft Blackberry Backup Explorer Professional v9.05\Elcomsoft Blackberry Backup Explorer Professional v9.05\ebbe_setup_en.msi    probably unknown NewHeur_PE virus
D:\Softwares\Gaurav\Adobe Dreamweaver CS5 [Win]-[CyberPiraten]\Activation Blocker.cmd    BAT/HostsChanger.A application
D:\Softwares\IncrediMail_2_6.29_Build_5139\IncrediMail 2 6.29 Build 5139\AIO Incredimail Patch v3.0 by CHECHU\AIO Incredimail PLUS v.3.zip    a variant of Win32/HackTool.Patcher.T application
D:\Softwares\IncrediMail_2_6.29_Build_5139\IncrediMail 2 6.29 Build 5139\AIO Incredimail Patch v3.0 by CHECHU\AIO Incredimail PLUS v.3\AIO Incredimail PLUS v.3.exe    a variant of Win32/HackTool.Patcher.T application
D:\Softwares\ipb board new\bs_Free_PDF_Unlocker.exe    multiple threats
D:\Softwares\ipb board new\CDRX616.3.0.1114x32.part1.rar    a variant of Win32/Keygen.AU application
D:\Softwares\ipb board new\pdfpasswordremover.exe    a variant of Win32/Toolbar.Babylon.A application
D:\Softwares\ipb board new\sHaRewbb_tv8019617rif.rar    a variant of Win32/HackTool.Patcher.AD application
D:\Softwares\ipb board new\Unlocker1.9.2.exe    a variant of Win32/Toolbar.Babylon.E application
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\keygen.exe    a variant of Win32/Keygen.AU application
D:\Softwares\ipb board new\CDRX616.3.0.1114x32\core\keygen.exe    a variant of Win32/Keygen.AU application
D:\Softwares\u3p80.ProxyShell.Hide.IP.7.3.1\MPT.exe    a variant of Win32/HackTool.Patcher.AD application
D:\Softwares\Windows 8 & Office 2010\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.A application
D:\Softwares\Windows 8 & Office 2010\office2010\OTK2010V2.zip    a variant of MSIL/HackKMS.A application
D:\Softwares\Windows 8 & Office 2010\office2010\OTK2010V2\Office 2010 Toolkit.exe    a variant of MSIL/HackKMS.A application
D:\Users\Mohit Jindal\Downloads\Compressed\AAXPRO.10.1.1.rar    multiple threats
Operating memory    a variant of Win32/KeyLogger.Refog.B application
 

___________________________________________________________________________________________

 

FSS log:

 

Farbar Service Scanner Version: 26-07-2013
Ran by Admin1 (administrator) on 31-07-2013 at 19:48:51
Running from "D:\Softwares\ipb board new"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

_______________________________________________________________________________________________________

 

 

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7009)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.129  
 Mozilla Firefox (23.0)
 Mozilla Thunderbird (23.0.)
 Google Chrome 27.0.1453.116  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

____________________________________________________________________________
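The FSS log above is the kind of output a helper reads by eye: a service whose start type differs from its default, a registry policy that disables a protection, and a list of system files whose hashes were checked. The following analyzer, added here as an example and not part of the thread or of Farbar Service Scanner itself, parses that text format and turns it into findings. SAMPLE_LOG is constructed to mirror the Windows Defender and File Check lines above, with one extra File Check line invented to exercise the failure branch (the exact wording FSS prints for a hash mismatch is an assumption). The one caveat encoded in summarize() is real: on Windows 7, installing Microsoft Security Essentials disables the built-in Windows Defender and sets DisableAntiSpyware=1, so that policy value is expected on a machine like this one (Security Check lists MSE) rather than a sign of tampering.

```python
"""Analyzer for Farbar Service Scanner (FSS) text logs.

Added example, not the forum's or Farbar's own code.  It recognises the
line shapes seen in the log above:
  - "<Svc> Service is not running..."
  - "The start type of <Svc> service is set to X. The default start type is Y."
  - "[HKEY_...]" followed by '"Name"=DWORD:n' in a Disabled Policy section
  - "<path> => MD5 is legit" in the File Check section
"""
import re
from dataclasses import dataclass, field

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
RUNNING_RE = re.compile(r"^(\S+) Service is not running")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]")
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)')
FILE_RE = re.compile(r"^(.+?) => (.+)$")

# Constructed sample: the Defender lines from the log above plus one
# invented File Check mismatch line (assumed wording) to show the alert path.
SAMPLE_LOG = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\\Windows\\system32\\svchost.exe => MD5 is legit
C:\\Windows\\system32\\Drivers\\tcpip.sys => MD5 is not legit
"""


@dataclass
class Findings:
    stopped: list = field(default_factory=list)      # service names not running
    start_type: list = field(default_factory=list)   # (service, actual, default)
    policies: list = field(default_factory=list)     # (key, value name, DWORD)
    files: list = field(default_factory=list)        # (path, verdict) when not "MD5 is legit"


def analyze(text):
    """Walk the log once, tracking the current section and registry key."""
    f = Findings()
    lines = text.splitlines()
    section = None
    key = None
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        # A section header is a label line followed by a row of '=' signs.
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if nxt and set(nxt) == {"="}:
            section = line.rstrip(":")
            key = None
            continue
        if set(line) == {"="}:
            continue
        m = RUNNING_RE.match(line)
        if m:
            f.stopped.append(m.group(1))
            continue
        m = START_RE.search(line)
        if m:
            svc, actual, default = m.groups()
            if actual != default:
                f.start_type.append((svc, actual, default))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            f.policies.append((key, m.group(1), int(m.group(2))))
            continue
        m = FILE_RE.match(line)
        if m and section == "File Check" and m.group(2) != "MD5 is legit":
            f.files.append((m.group(1), m.group(2)))
    return f


def summarize(f, installed_av=()):
    """Return (severity, message) pairs.  DisableAntiSpyware=1 is expected
    when Microsoft Security Essentials is installed on Windows 7."""
    out = []
    covered = {svc for svc, _, _ in f.start_type}
    for svc in f.stopped:
        if svc not in covered:
            out.append(("review", f"{svc}: not running"))
    for svc, actual, default in f.start_type:
        out.append(("review", f"{svc}: start type {actual}, default is {default}"))
    for key, name, value in f.policies:
        if value == 0:
            continue
        if name == "DisableAntiSpyware" and "Microsoft Security Essentials" in installed_av:
            out.append(("expected", f"{name}=1 under {key}: set by MSE, not tampering"))
        else:
            out.append(("review", f"{name}={value} under {key}: disabled by policy"))
    for path, verdict in f.files:
        out.append(("alert", f"{path}: {verdict}"))
    return out


if __name__ == "__main__":
    for sev, msg in summarize(analyze(SAMPLE_LOG),
                              installed_av=("Microsoft Security Essentials",)):
        print(f"[{sev}] {msg}")
```

Run against a real FSS log, pass the antivirus names from the Security Check log as installed_av; anything tagged "alert" (a system file whose hash is not recognised) or "review" deserves a look before declaring the machine clean, while "expected" items are the product of the installed security software.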



#18 Broni Re: [RESOLVED] Infected again.

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 34,841 posts
  • 1,990 topics
    • Time Online: 202d 22h 54m 16s
  • Joined October 04, 2004
  • Age: 59
  • Skin: Smartest wide
  • Local time: 04:44 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 04 August 2013 - 03:17 PM

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:


:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.


2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla....US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...nning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingc...er-safe-online/

14. Please, let me know, how your computer is doing.



#19 Scorpy Re: [RESOLVED] Infected again.

Scorpy

    Member

  • Topic Starter
  • Members
  • 121 posts
  • 9 topics
    • Time Online: 2h 35m 16s
  • Joined July 03, 2010
  • Age: 38
  • Skin: IP.Board
  • Local time: 05:14 PM
  • Zodiac:Scorpio
  • Gender:Male
  • Location:Anywhere Anytime ;)
  • OS:Windows 7
  • Country:
Offline

Posted 06 August 2013 - 02:12 AM

Broni, I'd like to have a good keylogger installed on my system which does no harm to my system. Please advise me on the same before I take the final plunge as advised by you in the previous post. Thanks.



#20 Broni Re: [RESOLVED] Infected again.

Broni

    Administrator - Malware Annihilator

  • Administrators
  • 34,841 posts
  • 1,990 topics
    • Time Online: 202d 22h 54m 16s
  • Joined October 04, 2004
  • Age: 59
  • Skin: Smartest wide
  • Local time: 04:44 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows 8
  • Country:
Offline

Posted 06 August 2013 - 02:35 AM

What do you need a keylogger for?

I don't know anything about keyloggers and I wouldn't feel morally sound advising someone on keyloggers.






